domain - Inherited website changing CSSJS path

admin管理员组

文章数量:1130349

Disclaimer - I don't often use WP and am somewhat limited in my knowledge of it;s inner workings, please don't many assumptions of my knowledge and explain everything as clearly as you can

I inherited a WP site, that last week stopped loading CSS/JS without me, or any other developers touching it. The developer who created the site I believe was unskilled and very "plug-in happy". There are many freemium plug-ins installed (the dashboard is littered with "upgrade now" boxes.

The issue is that the siteurl option appears to have been changed to this domain under the options table in the database, which was causing the page to try and load any images, CSS or JS from this domain.

I'm assuming the issue was caused by a plug-in automatically making the change - I'm not sure if this is something that can happen or not, however I rolled the site back to a back-up and this appeared to fix the issue. Two days later the issue crept back in. I have since accessed the database directly and updated the option. I am hoping to find out what the root cause is and how to stop it, in case this continues to happen in future.

Thank you for your time.

Disclaimer - I don't often use WP and am somewhat limited in my knowledge of it;s inner workings, please don't many assumptions of my knowledge and explain everything as clearly as you can

I inherited a WP site, that last week stopped loading CSS/JS without me, or any other developers touching it. The developer who created the site I believe was unskilled and very "plug-in happy". There are many freemium plug-ins installed (the dashboard is littered with "upgrade now" boxes.

The issue is that the siteurl option appears to have been changed to this domain under the options table in the database, which was causing the page to try and load any images, CSS or JS from this domain.

I'm assuming the issue was caused by a plug-in automatically making the change - I'm not sure if this is something that can happen or not, however I rolled the site back to a back-up and this appeared to fix the issue. Two days later the issue crept back in. I have since accessed the database directly and updated the option. I am hoping to find out what the root cause is and how to stop it, in case this continues to happen in future.

Thank you for your time.

• domain
• automatic-updates

Share Improve this question edited Nov 28, 2018 at 22:20 Aphire asked Nov 28, 2018 at 22:08 AphireAphire 11355 bronze badges 3

• Honestly that sounds more like the site has been hacked than like a plugin doing anything. No plugin should ever change the siteurl option unless it has malicious intent. Unless something else is going on here, like perhaps a CDN that went on the fritz, I would have someone more experienced investigate to see whether it has indeed been compromised. – WebElaine Commented Nov 28, 2018 at 22:44
• Hi Elaine, thank you for your time. I was beginning to think this might be the case as well. I have disabled any out of date plugins and currently have WP version 4.9.8 installed, which I believe is up to date? – Aphire Commented Nov 28, 2018 at 22:52
• As far as I can tell the JS on that domain doesn't appear to do anything particularly nasty, just looks like some kind of Analytics tool, still fairly concerning though – Aphire Commented Nov 28, 2018 at 23:01

Add a comment  | 

1 Answer 1

Sorted by: Reset to default 3

I would first remove any plugins that are not needed, or any that haven't been updated for a while. Then I would install all updates (themes and plugins) and reinstall WP (all from the Admin, Update screen). That will get you a fresh install of WP and plugins/themes.

Then I would manually look at all site folders for files that are not the current date (all 'good' files would have today's date, because you updated everything). (I might even go so far as to reinstall plugins/themes from the WP repository, if there were no updates. That gets you current on everything.) Any file with a date outside of today would be looked at for nefarious code.

Then I would change all user credentials (WP admins at the very least), plus hosting account and FTP users, using strong (and new and different for each account) passwords.

That should clear up any possible bad code. Then I'd look at the page source of a few pages and see if there is any possible code that is not supposed to be there.

The result should be a 'clean' site. Then monitor the site to ensure 'cleanliness'.

Disclaimer - I don't often use WP and am somewhat limited in my knowledge of it;s inner workings, please don't many assumptions of my knowledge and explain everything as clearly as you can

I inherited a WP site, that last week stopped loading CSS/JS without me, or any other developers touching it. The developer who created the site I believe was unskilled and very "plug-in happy". There are many freemium plug-ins installed (the dashboard is littered with "upgrade now" boxes.

The issue is that the siteurl option appears to have been changed to this domain under the options table in the database, which was causing the page to try and load any images, CSS or JS from this domain.

I'm assuming the issue was caused by a plug-in automatically making the change - I'm not sure if this is something that can happen or not, however I rolled the site back to a back-up and this appeared to fix the issue. Two days later the issue crept back in. I have since accessed the database directly and updated the option. I am hoping to find out what the root cause is and how to stop it, in case this continues to happen in future.

Thank you for your time.

Disclaimer - I don't often use WP and am somewhat limited in my knowledge of it;s inner workings, please don't many assumptions of my knowledge and explain everything as clearly as you can

I inherited a WP site, that last week stopped loading CSS/JS without me, or any other developers touching it. The developer who created the site I believe was unskilled and very "plug-in happy". There are many freemium plug-ins installed (the dashboard is littered with "upgrade now" boxes.

The issue is that the siteurl option appears to have been changed to this domain under the options table in the database, which was causing the page to try and load any images, CSS or JS from this domain.

I'm assuming the issue was caused by a plug-in automatically making the change - I'm not sure if this is something that can happen or not, however I rolled the site back to a back-up and this appeared to fix the issue. Two days later the issue crept back in. I have since accessed the database directly and updated the option. I am hoping to find out what the root cause is and how to stop it, in case this continues to happen in future.

Thank you for your time.

• domain
• automatic-updates

Share Improve this question edited Nov 28, 2018 at 22:20 Aphire asked Nov 28, 2018 at 22:08 AphireAphire 11355 bronze badges 3

• Honestly that sounds more like the site has been hacked than like a plugin doing anything. No plugin should ever change the siteurl option unless it has malicious intent. Unless something else is going on here, like perhaps a CDN that went on the fritz, I would have someone more experienced investigate to see whether it has indeed been compromised. – WebElaine Commented Nov 28, 2018 at 22:44
• Hi Elaine, thank you for your time. I was beginning to think this might be the case as well. I have disabled any out of date plugins and currently have WP version 4.9.8 installed, which I believe is up to date? – Aphire Commented Nov 28, 2018 at 22:52
• As far as I can tell the JS on that domain doesn't appear to do anything particularly nasty, just looks like some kind of Analytics tool, still fairly concerning though – Aphire Commented Nov 28, 2018 at 23:01

Add a comment  | 

1 Answer 1

Sorted by: Reset to default 3

I would first remove any plugins that are not needed, or any that haven't been updated for a while. Then I would install all updates (themes and plugins) and reinstall WP (all from the Admin, Update screen). That will get you a fresh install of WP and plugins/themes.

Then I would manually look at all site folders for files that are not the current date (all 'good' files would have today's date, because you updated everything). (I might even go so far as to reinstall plugins/themes from the WP repository, if there were no updates. That gets you current on everything.) Any file with a date outside of today would be looked at for nefarious code.

Then I would change all user credentials (WP admins at the very least), plus hosting account and FTP users, using strong (and new and different for each account) passwords.

That should clear up any possible bad code. Then I'd look at the page source of a few pages and see if there is any possible code that is not supposed to be there.

The result should be a 'clean' site. Then monitor the site to ensure 'cleanliness'.

本文标签： domainInherited website changing CSSJS path