Archive

Archive for March, 2022

WordPress-Critical Error

March 5th, 2022 No comments

WordPress is usually a very reliable platform. However, I have had some recent issues with my installs due to an upgrade by my hosting provider, Bluehost.

The last thing you want to see when visiting your site is a critical error notice.

PHP Version

I had several sites go down because Bluehost upgraded the php version of their service. They did inform me, but the email went in my spam and I found it after the issues started. The email notice did not say: This update CAN BREAK your site, in large print, so I might not have worried too much if I had seen it.

It turns out that the php version is important. At a certain point, older versions cannot communicate with newer versions. Backwards compatibility is limited at major upgrades.

Our servers support PHP 7.2 and higher. PHP versions 7.2 and higher offer a significant improvement to speed and memory usage over past PHP versions.  — Bluehost

Now I know how to update the php version of my sites if I ever receive a notice like that again. These repairs cannot be done from inside WordPress.

This linked help (above) is specific to Bluehost, however PHP management is similar on any hosting site.  Every hosting company may have a different system, so it is best to contact your host and have them help you. Call Three to Bluehost, described in the previous post was when a helpful tech support technician fixed a couple of sites and then told me how to do the rest. 

However, even after that was done, I still had one site that did not function properly. I called the Bluehost help again. Generally, when I call support for big companies, I find I get faster service when I phone late at night because most of the clients are in North America. I live in PST, and the middle of the night is daytime in India where Bluehost support technicians are located.   

.htaccess file

It turns out that the .htaccess file for that one site needed to be updated manually. I looked it up and this file can definitely break your WordPress.

What is the default WordPress .htaccess file?
WordPress uses the default . htaccess file to store configuration information and handle server requests. For example, . htaccess can enable or disable many server features, including redirection of URLs, server signature, caching of files, password protection, and customized error pages. May 22, 2019 

Again this is a function that cannot be controlled by signing into your WordPress site. These files are located on the host site. Usually in my experience, after the installation, WordPress functions smoothly and I don’t have to re-configure these files manually. 

I am not sure why changing the php version affected the .htaccess file. However, my Bluehost support identified and repaired the issue very quickly.

Regular Updates in WordPress

Once you get back in your site, it is always good to keep your plugins, theme and core wordpress files up to date. There is less chance of a compatibility issue if you are using the latest versions.

If you are using a theme or plugins that have not been updated by the author in a while, you might want to change them. There are always many options with engaged authors who regularly update their work.

Running the latest version of WordPress, theme and plugins also helps keep your site safe. Vulnerabilities in older software do become known over time and can be exploited. Updated versions often repair these vulnerable areas to prevent infection with virus or malware. More on this in future posts as I continue to work to improve these aspects of my sites.

WordPress Hosting + Site Repair

March 3rd, 2022 No comments

Summary – If your wordpress site goes down make sure that your webhost has not altered your hosting.  I did and maybe still do, have some malware on some sites. However, my core issue was a PhP update that took my sites down.

Advice – Don’t throw money at the problem until you know what it is! Change all your passwords. Read the posting for my story and links to other posts that offer reliable help.

Process of Detection and Repair

My site went down and several of my other sites were affected. I contacted my webhost, Bluehost, immediately. I noticed a major reorganization and new graphic symbolism on their site after sign in. The control panel (cpanel) that I use to control any issues is now under “Advanced” at the bottom of the sidebar. The hosting now opens by default on a page for WordPress management.

Call One – First I asked if my site had been moved by Bluehost. Previously, I had issues when a reorganization moved my hosting to another server location. I also pointed out the redesigned site and asked if there were major upgrades. I was told that Bluehost had not done anything to affect my hosting.

I was informed that I had malware on my site and that a Sitelock scan could identify the issues. I was surprised because when Sitelock was introduced to me, I was told it was a constant scan to identify any malware issues on my sites. If anything was found, I would receive an email.

Now that I have a problem, the Bluehost support told me that the free version is limited. They can run a scan on request, but I would be responsible for removing the malware myself. She offered to email me the scan when it was complete. The tech was not sure if there was a real time scan at all. there was a sales pitch for the paid version. 

I will have to investigate Sitelock, “We secure websites by automatically finding and fixing threats”. So far, they are not inspiring confidence. It makes no sense for me to have to request a scan if they are “automatically finding” and the “fixing” is only in the paid version. I had a false sense of security because Bluehost told me I had Sitelock on my sites.

The scan would be an important tool. but I was still investigating the issues. I wasn’t sure that was the whole story as the sites were affected differently.

Repair One – Changed my hosting password. Noted that all the html pages were loading, but only the WordPress was affected.

Call Two – I contacted Bluehost support again with questions. This support individual apologized and told me that the scan could be found on my hosted files. Support technicians are not allowed to email clients.  Good to know. I found the scan using file manager from the cpanel. This individual advised me to download affected files to my computer and repair them.

No way would I ever do that. I am always careful with downloads and it is not advisable to download possibly inflected files to your computer. 

REPAIR Two – A Under the Advanced>cPanel>File Manager

Oh good it is still there. I found the Sitelock report and opened it, copied the text and pasted it into a text editor on my computer. The report is not in the folder public html so should not be affected. Even so, I am careful.

I saw a lot of PhP errors, but only a few traces of html malware. The ones I knew I could repair were code in html. I found them by using the power of the cPanel File Manager to search the online site for the offending code. I copied the code from the report into search and hit enter. Then I opened the affected file in the File Manager, removed the code and resaved.

Most of these files had been untouched for years according to the date listed. None of the repairs I completed fixed my sites.

REPAIR Two – B Check the internet for help – > The Medium

A super great post on the Medium. They advise having something like Sitelock but say:

A good security plugin would identify and alert you, in real-time, of all the changes made to your website. 

That’s what I thought was happening, but it did not work as advertised.

The Medium article advises to check core wordpress files. They give some methods, but I have Jetpack installed on all my wordpress sites. Jetpack is a plugin made by wordpress and they have a good article with advice on my problem.

Another option is to completely reinstall WordPress to ensure all core files are clean. You can do that via Dashboard > Updates, by clicking ‘Re-install now.’ It sounds scary, but this will only replace the files at the very core of WordPress and will not remove or replace any of your content, media, themes, or plugins.

If you are a member of wordpress.com, you can access your sites and scan them from your account. My site checked out with no malware in core files.

My wordpress core files are good.

Call Three – Late at night, I reached a technician who really knew PhP. She Knew that Bluehost had updated to PhP 8.0 Then she investigated and found my sites were still using older versions. She updated the PhP connection and my site works.

I still have some sites that were not repaired.

Repair Three – I am now changing the admin passwords on all my sites and checking some that I maintain, but do not visit regularly.

A representative of Sitelock contacted me by email and by phone about my malware issues. He told me my personal site has malware that is “phoning home” and causing reinfection, so I need to purchase monitoring and cleaning. 

It seems that any good technician could find the beacon that is contacting the infecting site and remove it.

I am not impressed by their lack of attention while using the free version and their slogan of “automatically finding and fixing issues”. My long experience shows that automatic is not the best. Why should I pay them so much for pressing “scan”, then “repair”?

I was amazed when he informed me that Jetpack and Akismet (now a part of Jetpack) may host malware. Certainly any file on a website can contain malware, but infecting these would be very tricky. As these plugins are made and supported directly by WordPress, it seems unlikely they would be the source of an infection. 

WordPress is constantly monitored by the best in the biz and I trust them. It seems more likely that a plug-in or theme would be the source.

I do not think I will be employing Sitelock as my core problem was PhP related. They saw the scan and most of the issues were PhP not a html infection. They did not suggest that there could be am issue with PhP compatibility. They just talked about signing up and the cost of plans.

They seem a lot more interested in signing up clients than fighting malware.

I did have malware on my site, but I am in the process of changing all my passwords and removing the unused themes and plugins. The individual who phoned me did not even recommend that I do that when it is Step One!

There will be another post as I continue to follow the steps outlined in the article in the Medium and on the Jetpack site.