My admin page will not open

When I open the http://www.nojsom.dk/admin page the test as attached shows. I lost contact with you - but before that your collegue asked me to share the FTP acces with you. I attach that as well. Hope you can help. Thanks

  • James Morris

    Hello Trine,

    I hope you are well today.

    I just checked your site and I get the PHP error when trying to access /admin (a non-standard URL), but when I call /wp-login.php (standard URL) the login form displays correctly.

    I searched through our email system and your chat log with Luis and did not see any FTP details or WordPress login details. In order to help you better with your issue, would you please grant me access to your site and server?

    Please visit the Contact page and complete the form with the following information:

    Subject: "Attn: James Morris"

    In the Message box, please provide the following:

    - link back to this thread for reference
    - any other relevant urls

    - Admin login:
    Admin username
    Admin password
    Login url

    - Hosting Control Panel Login
    Admin username
    Admin password
    Login url

    ~OR~

    - FTP credentials
    host
    username
    password
    (and port if required)

    Best regards,

    James Morris

  • James Morris

    Hello Trine,

    I am VERY glad you came to us with this issue. Turns out we were able to identify a script injection on your site. I believe the code injected was for a crypto miner. These injections are becoming quite frequent and happen through old plugins that are not properly maintained.

    I found this because your index.php file was throwing the following error in debug.log after I disabled all plugins.

    [24-Jan-2018 07:26:38 UTC] PHP Warning: Cannot modify header information - headers already sent by (output started at /public_html/index.php:1) in /public_html/wp-includes/pluggable.php on line 1216

    Upon further inspection of the file, at the beginning was a <script> injection that was well obfuscated. Whoever injected it, didn't want you to know what it did.

    I renamed your index.php and replaced it with a WordPress default index.php. Now, when you access /admin on your site, it redirects appropriately.

    My recommendation is for you to do a full audit on your site. Any plugins or themes that are not needed should be removed. I also recommend going through and finding any old plugins that have not been updated in > 1 year and trying to find suitable alternatives for them.

    One final thing... I see you are running Hummingbird along side of W3 Total Cache. These plugins are not compatible. They perform the same functions and conflict with each other. I strongly recommend disabling one of these plugins for maximum stability on your site.

    Let us know if you have any further questions. We'll be happy to help!

    Best regards,

    James Morris

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.