It looks like GoDaddy is enforcing strict password norms for the database access. Try changing the database password – a guide will popup ticking away the mandatory requirements. The problems on my clients’ customized sites on GoDaddy were solved by doing so.
Many of my WordPress sites have been attacked by this xxx-hacker. The first thing this hacker does is try to login as admin using multiple tries. Once it succeeds, the user name is changed to xxx-hacker and the password is also changed. So, now you cannot login to your site and you can’t even reset your password.
If by chance you are still able to login as admin then you are in luck, as the attack hasn’t happened yet. But, prevention is better than cure. So, immediately (as in NOW), update your WordPress installation, and install/enable the Limit Login Attempts plugin. This is the most important thing you need to do to stop this hacker, because this is somehow related to the hacker gaining access to your server files. Also, immediately after this change your server passwords – especially, ftp and mysql.
At this stage I don’t know if the ftp password is being deciphered, but I have seen strange folders and files turning up in the sites’ public/html documents area. There are at least 3 different type of actions performed by these files. (1) Phish for email passwords (2) Phish for financial passwords (3) run a script that logs in to some site(s) using series of passwords. One common thing I have noticed is that the plugins folder in all hacked installations has one new folder – helo – which contains script to send the phished data to the hacker’s mother computer. Change permissions of this “helo” folder to 777 and then delete it.
Things to do in your MySql database
If not yet attacked: stop user registration or updation using triggers. This is like a chastity belt. The filthy sucker of a hacker can tear your WP-clothes, but can’t penetrate your DB-bastion, thereby preventing spawning of further filth. Contact me for modus operandi.
If attacked: rename admin user to a word other than “admin” and change password to a 16 character word in MD5 format, then stop user registration or updation as above using triggers. Contact me for help.
If your site needs user registrations, handle them yourself, manually. If you don’t have time for that and are a very big site, then you should enlist service of someone who can provide proper security.
To be cont’d…
This global brute force attack on self hosted WordPress sites has been going on for past few days. I am going to address different cases and attempted solutions here. Please bookmark this Q&A and check back for new case studies.
One site came to my notice today, where the users could not login because the login or admin page got redirected to a page that output “not acceptable“. I checked the .htaccess file and it seemed to have non-standard statements, which neither the developer nor the site-admin remember putting in. So, we removed the extra statements and retained only the default WordPress generated htaccess statements and the site was back to normal.
…to be cont’d…
Ah there! Did you by any chance turn off the “Show Map” option in your page info?
According to facebook garden logic you should recommend others around you (your location!) – so your page should show the map (of your location), then only your recommendations will show.
Go to Edit Page > Update Info > Check “Show Map” option below your physical address – obviously, a physical address is required too!
Find where the comment_form() function is called. Usually it will be in the comments.php file of your WordPress theme.
It might be displayed like:
<?php comment_form(); ?>
Pass an argument to the function as below:
<?php comment_form(array('comment_notes_after' => '')); ?>
The array can have other arguments as well to mod the comment form to your liking. Refer to WordPress comment form codex for all possibilities.
This official HP page: http://www.hp.com/global/us/en/eprint/airprint.html
and this Apple support page: http://support.apple.com/kb/ht4356
should guide you.
There is some problem with Gmail display in Opera since past few months and no one from Opera or Google seems to be bothered about Opera users. A quick (but temporary) solution is to switch Gmail to basic HTML view. Open a new window or tab and access basic HTML Gmail by using the following URL:
Please remember, this is a temporary solution and many Gmail features will not be available.