Getting 404 error on all wordpress pages

404 error on all pages

WordPress 404 error on all pages

Have you ever had all your WordPress posts and pages turning 404? All of them?
No? I just had them and i freaked out till i realized that it is actually a very fast and easy way to fix it: rewrite the rules on the .htaccess and you’re good to go.

It happened after uninstalling W3 Total Cache and don’t get me wrong, i love this plugin, but it drives me insane sometimes.
I decided to go back to WP Super Cache and after removing the W3, i just ran into 404 posts on my blog.
After removing the dropin php files left over from W3, i still had the error but the good thing about Total Cache is that it lets you rewrite them with a click.
If you run into the same error, don’t go blaming the developer. They all do their best and give their plugins away for free after investing lots of hours and energy to put into them.
Instead, before uninstalling caching plugins, make sure you don’t already have 404 pages. If you don’t, just rewrite the rules or simplify your .htaccess file with the code from the default WP installation.
 rewrite htaccess rules

[fblike]

Analyze and optimize WordPress loading time

[note color=”#fad540″]This post will show you how to analyze and optimize WordPress, defer parsing of JavaScript, minify css and minify javascript, and more important, how to speed up wordpress[/note]

Having a fast loading website is a must these days. It’s a part of the user’s experience that has to be continuously improved. People don’t want to wait anymore for your pages to load and if they don’t load fast, they won’t stay. It’s that simple.
This blog, which runs on WordPress,  was loading slow for quite a while and when i first ran the tests, i was amazed by the low score i got.
Thankfully, the services below don’t only show the faults, but also suggestions on how they can be fixed.
This way, i could see which plugins are slowing my blog down, which scripts and css files i have to compress and got the chance to work a bit on it so i am going to write down a few pointers in case you’ve got a slow loading website.
The links listed below will help you analyze your pages and point right away what needs to be improved.
And if you don’t know what to do about certain settings, don’t need to worry. All the links i provide you with for the scan will provide you with extra info and help.

So, here we go.

  • Analyze the loading speed and get the suggestions

 

analyze and optimize WordPress

 

 

GTmetrix
PingDom Tools
Google’s Page Speed
Yahoo’s ySlow
Web Page Test

 

  •  Compress, minify and cache

For this, i recommend the WordPress plugin “W3 Total Cache“. It’s the best but be careful; don’t get excited and check everything, or you’ll end up with a css’less website. It can get messy.
Just follow their instructions and you should be fine.

  • Defer parsing of JavaScript

This is the part i had troubles with but then i found a code somewhere on a forum and used it. It worked.
The code Google provides didn’t work for me.

So to fix that, add this code to your footer right before the end of the body tag “</body>” and of course, replace my link in the code with yours.

[pullquote align=”none”]<script defer=”defer” type=”text/javascript”>
    window.onload=function(){
        var mycode;
        mycode=document.createElement(“script”);
        mycode.type=”text/javascript”;
        mycode.src=”http://www.carolsvault.com/”;
        document.getElementsByTagName(“head”)[0].appendChild(mycode);
    }
</script>

[/pullquote]

  • Optimize images

One thing i noticed on the results i had was that my images were not optimized. For a moment there i thought that i might have to manually optimize hundreds of images, but i found a tool that does that in bulk.

WP Smush.it is an WordPress plugin that lets you optimize your images to reduce bandwidth and loading time of your pages.

These are just a few steps that you can take to greatly improve the loading speed on your pages and my recommendation is: don’t overreact with the settings and changes.
If you give up too much to performance, you will lose quality.

That’s my latest report and although i want to score as high as possible, i think i will take the A offered by ySlow and see what improvements i can do later on.
analyze and optimize WordPress, defer parsing of JavaScript, minify css and minify javascript

That’s it for now. Enjoy pimping your website and if you need any help, just check the links provided or drop a line in the comments box if you have any other suggestions.

[fblike]

WordPress infected with javascript malware – FIX

Update 2 Fixed at last:

I think being stubborn and not accepting a defeat regarding a possibly hacked/hijacked website is a good quality to have and i am stubborn.

Time and time again i thought i found the fix, but on scan my blogs were displaying the same links.
I then scanned my links with http://jsunpack.jeek.org and i got a bunch of decoded code back and i could see that there were links being displayed, same links caught as malware,  and this is an example of what i had:

 

 

But where on Earth was its location? I could see it, but i couldn’t find and remove it.

I removed my current themes and installed a default WP theme. Did the scan with http://www.unmaskparasites.com/ (you can have a fresh scan after 1 hour) and http://jsunpack.jeek.org .  The bastard was still there and I was so pissed.
Sucuri wasn’t reliable anymore because i had to push the scan a few times to show me a result: 5 times clean, 1 time infected.
So, it wasn’t the theme.
I checked almost all the wp php files, theme files, looked for weird named files, the database. Nothing. At this point i felt like pulling my hair off.

On the tens of websites i looked, everyone was pointing to the same: backup, fix your passwords, reinstall WP.
Or, what i mainly saw was: Go to Sucuri and let them remove that for you for a fee.
No problem, but if they can do it, i can do it too or at least i can try.

So i refused to believe that this was a one way thing and only the experts at Sucuri could help me and tried a different approach to isolate and see if the bad code was in my posts or in the WP files and i did the following:

1) An export of my posts and pages only via my dashboard + a copy of my Uploads on the wp-content folder (just in case i might have to reinstall WP).
2) Created an extra subdomain via my cPanel.
3) Installed via Scriptaculous a new WordPress on that subdomain (my host has a ton of goodies).
4) Imported my posts and pages to the new subdomain.
5) Checked with the 2 jsunpack.jeek.org  and unmaskparasites.com. Clean!

I repeated the steps with my Politics blog. Scanned. Clean.
This time i did step 6 on my test subdomain.
Installed a few plugins. Scanned. Infected! Son of a biscuit!

 

It was late, so i had to call it quit once more.

This morning i picked up from where i left it and i discovered something by mistake.
I was messing with the plugins on my main blog and saw that my Disqus plugin was not showing on the posts.
I looked into the dashboard and – call it attention span, luck or whatever – i jumped to the comments and started removing the spam ones. And what do you know? All the links appearing on my blog that have been flagged as malware were coming from the inserted links into the Disqus comments and looking at their names, they were the same ones appearing on my blog’s code.
I immediately deleted them and changed the link posting setting on Disqus to “Comments containing links must be approved before they are published.”. Then I ran a scan without Disqus and bam! Clean.

The thing is that Disqus inserts a code into the WordPress footer , so i guess that’s why i got all this crap.

Conclusion:

My original finding that my problem was coming from the plugins was partially correct but i didn’t look further and deeper into it.
Instead, i hunted for something that it was not even there.
Is true that one of my themes contained a bad hack –base64_– but i had that theme for a long time and for some odd reason, i never had problems with it.
My blogs are now clean and i couldn’t be happier.

If that happens to you then follow the 6 steps i did to isolate and see where the infected files might be.
Once you have, check the plugins one by one. If you use Disqus, check the comments for spam that hasn’t been caught yet.
If you have links displayed like i did, then is probably not a hack. A scan with the links provided in this post should help you see that.

If the code is in a file or in a post like i had it once before, then unmaskparasites.com will point you to that file. It will also help you recognize your links or at least legit links on your website.
If not, then you are dealing with hidden ads or like me, spam comments, making it very difficult to look in the right places.

Reliable (helpful) tools in this order:

  1. unmaskparasites.com
  2. jsunpack.jeek.org
  3. THEME AUTHENTICITY CHECKER  (TAC)
  4. quttera.com
  5. sitecheck.sucuri.net/scanner

As for the steps to take…well. It all depends on your problem and your website’s security.
Just make sure you have a backup, just in case things go bad.

 

–End of update 2–

Update 1:
I was a bit …enthusiastic about disabling the plugins and so i had to do some further search and i found something.

If disabling the plugins doesn’t help, then i suggest installing THEME AUTHENTICITY CHECKER  (TAC) and let it scan the installed themes for bad code.
This is what i found. My themes contained a bad code, the same code that i was hunting for to remove the malware from this blog.
Once you find the bad theme, remove it and check again with TAC and then with SUCURI.
Click to enlarge.

You might also want to scan your link with http://quttera.com/ and see if there are scripts that will need to be deleted.

—–

Early yesterday i logged into my WordPress dashboard to write a post and i saw that there were a few plugins needing to be updated.
Without even looking which ones required the update, i just hit the button and it updated them.
Then i accessed my blog only to have a warning from my antivirus that there is a malware infection on my blog.
The weird thing is that right before i updated the plugins, my blog was just fine, but i really didn’t think about the updates i had just done.
There are 2 websites that are really useful in such a situation and these are:
http://sitecheck.sucuri.net/scanner/
http://www.unmaskparasites.com/

They both scan websites for malware and can be useful. But don’t be fooled.
The first one displays the javascript malware and the second one displays all scripts, so you really need to find the rest on your own..
Nevertheless, they are both very helpful.

This is what i got with Sucuri:

And so ,terrified at the thought that i might get my visitors infected, i started googling the issue. I have seen so many websites, all advising the same: check this,

check that, run an SQL search…And so i did them all and nothing helped.

Hours and hours looking and checking, installing new security plugins, scanning and every time, after thinking i fixed it and refreshed the cache, i got the same warning.
It frustrated the daylights out of me and finally, at 2 am i called it quit.

At 10 this morning i start my search again.
Nobody, from all the links i’ve visited gives a clear explanation. It just seems a big maybe and they will all eventually advise you to backup, remove everything and reinstall WordPress.

My advice to you is DON’T do that just yet. Not until you understand if you have been hacked or if it is a plugin code injection.

As it turns out, it was one of my plugins causing that and even though i don’t know – for now – which one is the cause, i will find it.

The fix:
If you get a warning that your WordPress is infected, go to http://sitecheck.sucuri.net/scanner/  and and do a scan.
If you get something similar to my shot above (the link will probably be different), then go to your active plugins and bulk disable all.
In my case, i left 3 active. Wordfence security is still running a scan, and because i installed it after i got the issue, it couldn’t have been it.
Dunno why i left the other 2 on though….


Click on the image to enlarge

Anyway…
After disabling all the others, i went to http://sitecheck.sucuri.net/scanner/  and scanned again and this time it came back clean.

Click on the image to enlarge

Yesterday i thought i got hacked and i was this close to go through some  high amount of work to reinstall WP only to find out that it was one of my plugins injecting code.

I am now left with 42 plugins to check and see which one misbehaves.

Hope this helped!

Can’t install WordPress plugins and themes via dashboard – a fix

wordpressI’ve had some Wordprress installation problems with version 2.8.5 and with 2.8.6 when trying to install new plugins and themes via WP dashboard, as well as upgrading.

The problem:
Downloading the file works perfect and without errors but it stops when it has to unpack.
Basically, nothing happens.
I can see the zipped file on my ftp server, but this same file should be automatically unzipped and installed….which it doesn’t.

WordPress support forums has some topics on this, but people actually have errors; they do not get a black installation page after.

The fix i found that works for me:

As usual, a memory issue which can easily be fixed.
By default, most hosts limit the memory to 32MB, but the workaround in WordPress is to modify wp_settings.php on line 13 and change WP_MEMORY_LIMIT from 32 MB to 64MB.

Find the file into your WordPress root directory, back it up, make the change, save and upload.

if ( !defined(‘WP_MEMORY_LIMIT’) )
define(‘WP_MEMORY_LIMIT’, ’32M’);

change to:

if ( !defined(‘WP_MEMORY_LIMIT’) )
define(‘WP_MEMORY_LIMIT’, ’64M’);

That should fix it! After making this change, i was able to install themes and plugins without a problem whatsoever.
Try installing a new theme or plugin from your dashboard.
Hope it works for you too!

Installing WordPress on Windows platform is a pain

Never thought i would say this, but at this very moment i cherish Linux and hate Windows.

Why? Because it is such a pain to install WordPress if you’re on a Windows platform.

For many hours i tried figuring out why on earth i can’t seem to get to the install.php and follow through the WP activation. What was i doing wrong? Nothing.

It was all by the book and it is not my first WP install…but all my others were on Linux.

Then I looked this up and all i got was more pain.

I am trying to help a friend, who really deserves to have a beautiful website and i want to run that on WP, but so far i only had troubles helping.

Right now i am waiting for a reply from his host, but if any of you could give me a hand with this or just a thought, i would very much appreciate it.

If any of you managed to install it on windows without checking with your host, please share and thanks in advance for that.