A client contacted me this afternoon saying that Google was showing that their website had been hacked underneath their search result. This was odd to say the least. New clients will occasionally call us to help clean up a website that has already been hacked, but this was the first time we’ve had one on a website we built. Our security measures are pretty tight so I was just as curious as I was concerned.
I pulled up the client’s website and saw nothing wrong at first glance. I went into their Google Webmaster Tools account and sure enough the “hacking suspected” warning was sitting right on the dashboard waiting for me. The strange thing is that Google listed two pages that weren’t affected as evidence of the hack. I looked at the pages closely, looked at the HTML and ran them through Fetch as Google. No issues whatsoever. At this point, I think Google is just screwing with me. This must be some kind of false positive by the big G. I submitted the request for review by their spam team and went about my day. The problem is that nagging feeling that something else was wrong just wouldn’t go away. So I dug further doing a site: search on the domain and sure enough hundreds of pages came up for viagra, cialis, propecia and every cruddy spam term you could think of. Ugh. I clicked through these links, and it was almost like another site was being run on our client’s domain. They were basically doorway pages channeling users on to canadaok-pharmacy.net (No — do not go there. You can see the site in the image below). There was no record of these phantom pharma pages in WordPress.
I went into the WordPress admin panel and tried to load the newest version of WordPress thinking that could have presented a weakness our slimy hacker slipped through. It failed saying the version of MySQL wasn’t up to date. I got the support rep at the webhost to deal with this matter, and I brought up the issue of the hack to them. Without a second thought, he said it was most likely an FTP hack. I checked the FTP password and sure enough a dictionary hack could have popped this gem right open. I don’t know if this was set up when the webhosting account was originally created or by the original web developer, but this was a monster security hole just begging to be exploited. I updated the FTP password as well as the weak account password to kill off the access, then I went to work on these pages.
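Pages that show up in a site: search but have no record in WordPress can be hunted on disk. The following is an added example, not code from the original post: it assumes the doorway pages were uploaded as files over FTP, and the function names and sample tree are hypothetical and constructed for illustration.

```python
import os
import re
import tempfile

# Terms the site: search surfaced in the post, plus the doorway target domain.
SPAM_TERMS = re.compile(rb"viagra|cialis|propecia|canadaok-pharmacy\.net", re.I)
# Assumption: only text-like web files are read; "" covers .htaccess and
# extensionless files.
SCAN_EXT = {".php", ".html", ".htm", ".js", ""}

def find_doorway_files(docroot, max_bytes=2_000_000):
    """Return [(relative_path, matched_terms, mtime)], newest first."""
    hits = []
    for base, _dirs, files in os.walk(docroot):
        for name in files:
            if os.path.splitext(name)[1].lower() not in SCAN_EXT:
                continue
            path = os.path.join(base, name)
            try:
                with open(path, "rb") as fh:
                    data = fh.read(max_bytes)
                mtime = os.path.getmtime(path)
            except OSError:
                continue  # unreadable file: skip it, keep scanning
            terms = sorted({m.lower().decode() for m in SPAM_TERMS.findall(data)})
            if terms:
                hits.append((os.path.relpath(path, docroot), terms, mtime))
    # Newest first: upload times cluster around the moment of compromise.
    return sorted(hits, key=lambda h: h[2], reverse=True)

def build_sample_docroot():
    """Constructed sample tree: one clean theme file, two planted pages."""
    root = tempfile.mkdtemp(prefix="docroot-")
    samples = {
        "wp-content/themes/site/index.php": "<?php get_header(); ?>",
        "cheap/buy-viagra.html": "<a href='//canadaok-pharmacy.net/'>Viagra</a>",
        "wp-includes/cache.php": "<?php /* Cialis Propecia */ ?>",
    }
    for i, (rel, body) in enumerate(samples.items()):
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(body)
        os.utime(path, (1_700_000_000 + i, 1_700_000_000 + i))  # fixed mtimes
    return root

if __name__ == "__main__":
    for rel, terms, mtime in find_doorway_files(build_sample_docroot()):
        print(f"{mtime:.0f}  {rel}  {', '.join(terms)}")
```

Sorting by modification time puts the most recent uploads first, which gives a time window to compare against the host's FTP logs.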