Msg#: 3830507 posted 5:37 pm on Jan 20, 2009 (gmt 0)
I have a site that is based on WordPress. It has been working fine. This morning I had added my Google Analytics code to the footer and decided then I would update some plugins. Anytime I clicked on the settings of a plugin I had added it took me to:
I have disabled all plugins and added them back in one at a time and it still does it no matter how few I have and when I change up the order I reload them.
I had someone looking at it and he is giving up but the last he said was it was loading an iframe before the site. I honestly do not know why anyone would hijack a plugin setting since the only people that see it is the web owner and it's just going to piss him off. I wonder if it really is even a hijacking?
If anyone is willing to take a look I would sure appreciate it. Let me know by PM and I will send you FTP, wp-admin etc.
Thanks so much.
[edited by: ergophobe at 6:47 pm (utc) on Jan. 20, 2009] [edit reason] Personal URL removed, nefarious URL exemplified [/edit]
Msg#: 3830507 posted 11:57 pm on Jan 20, 2009 (gmt 0)
Let me ask the obvious question. Are you sure what you are clicking is really the settings? I only ask because I have seen links in plugins that are really promotions for other websites and not settings. Did you download this plugin from somewhere other than the WordPress website? I have heard of themes being hacked and hosted for download on other websites but perhaps it happens with plugins too. Always download themes and plugins from the WordPress website. Next I would deactivate and delete all the plugins. You can delete them in example.com/wp-content/plugins, test and see if your problem is gone. If it is, then download what you need from the WordPress website and try reinstalling and activating one by one and testing.
Msg#: 3830507 posted 2:36 am on Jan 21, 2009 (gmt 0)
I'm saying put your site in maintenance mode and delete (or rather move to a directory outside your WP install) all themes and try it with a fresh upload of the default theme.
Honestly, I have no idea if this will work, but it will remove one source from consideration.
That said, personally what I would probably do first is look at the HTML source and try to find some unique code from the offending page and grep the whole WP install for it and see if that turned up anything, and I would do the same with a dump of the MySQL file.
Msg#: 3830507 posted 2:43 am on Jan 21, 2009 (gmt 0)
So, sorry for my disorganization. In order, I would do this:
2. grep through all files for some unique text (the domain name or iframe tag or something).
3. do a DB dump and grep through that for the string.
4. move all themes outside WP install and try a known good theme.
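Steps 2 and 3 of the list above as a script (an added example, not part of any poster's message): it searches a WordPress tree and a mysqldump file for one literal string. The domain `injected.example`, the directory layout and the dump contents are constructed placeholders.

```shell
#!/usr/bin/env bash
# Added example. NEEDLE, the paths and all sample data below are constructed.

# Step 2: list text files under DIR containing the fixed string NEEDLE.
# -F: literal match (dots in a domain are not regex), -I: skip binaries.
scan_tree() {   # usage: scan_tree DIR NEEDLE
    grep -rIlF -i -- "$2" "$1" 2>/dev/null | sort
}

# Step 3: for a mysqldump file, print "line:table" for each matching INSERT.
# Dump lines can be very long, so only the location is reported.
scan_dump() {   # usage: scan_dump DUMP.sql NEEDLE
    grep -nF -i -- "$2" "$1" |
        sed -n 's/^\([0-9]*\):INSERT INTO `\([^`]*\)`.*/\1:\2/p'
}

# Build a small constructed WordPress-like tree and dump under DIR.
make_sample() { # usage: make_sample DIR
    mkdir -p "$1/wp/wp-content/themes/mytheme" "$1/wp/wp-content/plugins/foo"
    printf '%s\n' '<?php wp_footer(); ?>' \
        '<iframe src="http://injected.example/x" width="0"></iframe>' \
        > "$1/wp/wp-content/themes/mytheme/footer.php"
    printf '%s\n' '<?php /* clean plugin file */' \
        > "$1/wp/wp-content/plugins/foo/foo.php"
    cat > "$1/dump.sql" <<'EOF'
-- constructed sample in mysqldump style
INSERT INTO `wp_posts` VALUES (1,'Hello world','clean post body');
INSERT INTO `wp_options` VALUES (42,'footer_text','<iframe src="http://injected.example/x"></iframe>');
EOF
}

d=$(mktemp -d)
make_sample "$d"
echo "Files containing the string:";  scan_tree "$d/wp" "injected.example"
echo "Dump rows containing the string:"; scan_dump "$d/dump.sql" "injected.example"
rm -rf "$d"
```

A hit in a theme or plugin file points at the filesystem copy; a hit only in the dump points at a table such as `wp_options` or `wp_posts`, which reinstalling files will not clean.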