My host says marketpress is corrupt.

My site with down with an internal server error. Chat with the host told me that it was marketpress. They restored the site and I tried to update market press and reactivate and I got a blank white screen. Chat again and she deactivated Marketpress. Can you tell me how to reinstall without problems? I guess I'm not really sure if the data (all the product posts) will still be there if I just delete the plugin and reinstall. I have a snapshot.
Please advise,
Thanks,
Catrina

    Vinod Dalvi

    Hi Catrina,

    Sorry to hear of the problem you are having.

    The latest version of MarketPress eCommerce plugin is working fine on my test site.

    They restored the site and I tried to update market press and reactivate and I got a blank white screen. Chat again and she deactivated Marketpress. Can you tell me how to reinstall without problems?

    Could you please reinstall and activate again and when you get the blank white screen then can you please try temporary enabling WP_DEBUG mode? To do this, just go to wp-config.php include this:

    define('WP_DEBUG',true);

    You might already have a line for WP_DEBUG, so just make sure it's set to true.

    For information on this, checkout this wpmu.org article.

    Let me know what errors if any you are getting when you face this issue.

    This can be due to plugin/theme conflict on your site.

    You can just try on your development site temporary using default WordPress theme like Twenty Fifteen and temporary deactivating all other plugins and activating them one by one as displayed in the following flowchart to know which theme/plugin is conflicting if any.

    https://premium.wpmudev.org/manuals/getting-support/

    I guess I'm not really sure if the data (all the product posts) will still be there if I just delete the plugin and reinstall. I have a snapshot.

    Deleting and reinstalling the plugin will only delete the plugin files but the data will be preserved as the data is stored persistently in the database. For safety before doing this you can take a backup of your site suing snapshot plugin.

    Best Regards,
    Vinod Dalvi

    Catrina

    Hi Vinod,
    Thanks for helping me. I reinstalled and I am back to the white page.
    I read the article and it says not to do it on a live site saying it could expose your code to "visitors".
    This site has been hacked before, I am using 2015 theme with the only other plugins being the WPMU dashboard and your SEO plugin.
    Sorry but I went to my file manager and I don't see wp-config.php. Where is it.
    How do I set up a test site.
    Thanks,
    Cathy

    Catrina

    Could this have anything to do with it?

    PayPal service upgrades.

    Catherine Matel,
    As we have previously communicated to you, PayPal is upgrading the certificate for http://www.paypal.com to SHA-256. This endpoint is also used by merchants using the Instant Payment Notification (IPN) product.

    This upgrade is scheduled for 9/30/2015; however, we may need to change this date on short notice to you to align to the industry security standard.

    You’re receiving this notification because you’ve been identified as a merchant who has used IPN endpoints within the past year. If you have not made the necessary changes, we urge you to do so right away to avoid a disruption of your service!
    Because these changes are technical in nature, we advise that you consult with your individuals responsible for your PayPal integration. They will be able to identify what, if any, changes are needed. Please share this email and the hyperlinks below with your technical contact for evaluation.
    Testing in the Sandbox is one of the best ways to make sure your integration works. Sandbox endpoints have been upgraded to accept secure connections by the SHA-256 Certificates.
    Full technical details can be found in our Merchant Security System Upgrade Guide. In addition, our 2015-2016 SSL Certificate Change microsite contains a schedule of our service upgrade plan.
    Thanks for your patience as we continue to improve our services.

    Kasia Swiderska

    Hello Catrina,

    The email from the PayPal has nothing to do with the MarketPress errors - our plugins are prepared for that change.

    You will find wp-config.php file in the main folder where your WordPress is installed. The same folder that there is wp-content.
    Depending on the server it could be public_html or www. You can contact your hosting provider to point you to that folder on your server.

    You don't need to display errors on site, you can enable debug mode so it will log errors to the debug.log file. To enable it, open your wp-config.php file and look for define(‘WP_DEBUG’, false);. Change it to:

    define('WP_DEBUG', true);

    In order to enable the error logging to a file on the server you need to add yet one more similar line:

    define( 'WP_DEBUG_LOG', true );

    In this case the errors will be saved to a debug.log log file inside the /wp-content/directory.

    Depending on whether you want your errors to be only logged or also displayed on the screen you should also have this line there, immediately after the line mentioned above:

    define( 'WP_DEBUG_DISPLAY', false );

    The wp-config.php is located in your WordPress root directory. It’s the same file where the database configuration settings are. You will have to access it by FTP or SFTP in order to edit it.

    Then you need to try activate the MarketPress. After that you should be able to see errors in the debug.log file.

    Kind regards,
    Kasia

    Catrina

    Hi Sorry for the delay, super busy week.
    Okay, I swear it wasn't there before but I found it.
    I went into the log after I added the debug code and this is what I found.
    [11-Oct-2015 13:41:00] PHP Parse error: syntax error, unexpected T_PAAMAYIM_NEKUDOTAYIM in /home2/catrina7/public_html/wp-content/plugins/marketpress/includes/common/class-mp-product.php on line 368
    Yes, wordpress updates automatically and this did start after a wordpress upgrade.

    The next step in the directions above was to activate marketpress. First, I think it may already be activated. It was when I activated it that I got the white screen. How do I check to see if it is activated if I can't get into the wordpress dashboard?

    Thanks for your help,
    Cathy

    Kasia Swiderska

    Hello Catrina,

    Thanks for the debug.log! MarketPress is activated if you have white screen. But I now have the error. This error can mean the you have 5.2 version of PHP on your server.
    You may need to contact your hosting provider to confirm that. If yes, ask for upgrade to PHP 5.4. If this is not the issue, let me now and we will find another solution.

    Because you have white screen of dead you should deactivate MarketPress - you can do that through the FTP. Navigate to the /wp-content/plugins and find the marketpress folder - change it's name to marketpress1 and you should be able to use Dashboard again.

    Kind regards,
    Kasia

    Catrina

    I did have PHP 5.2 so I changed it to 5.4.
    My website is back and I can see that the products are there, but many of the store pages are not to be found and the prices have disappeared. I was also unable to add items to the cart. I just had a quick look so there is a possibility that I haven't noticed everything that is askew.
    I'm going to check and see if there are any other clues in the debug.log but please let me know what I should do next.
    Thanks,
    Cathy

    Kasia Swiderska

    Hello Cathy,

    My website is back and I can see that the products are there, but many of the store pages are not to be found and the prices have disappeared.

    Go to the Store Settings -> Presentation -> Store pages and create there new pages for your shop.

    As for the prices: go to this url in your WordPress dashboard wp-admin/admin.php?page=mp-db-update&force_upgrade=1

    and update your database, this should fix the prices.

    Kind regards,
    Kasia

    Catrina

    I changed it to markepress1 but I still have the 500 internal server error screen. I previously changed it to marketpress1 back on October 11th but when I went in today it was back to marketpress. Not sure why that was. I tried changing it to marketpress2 but still have the 500 internal server error screen.
    I tried starting a thread on the forum. Forgive me I didn't know that this and the forum were one in the same. They closed that thread because they said it was duplicate. I thought I would be talking to more/different people there.
    Would it help to do a back up from a snapshot? Or would it just have the same problem when I try to upgrade? My last snapshot was before the wordpress and marketpress upgrade.
    Also, the person that answered my post on the forum said that you were just waiting for my answer. It seems as though sometimes my posts don't go through. This has happened twice during this thread. I give an answer and then I go back later and find that it is not there.
    Thanks for your help,
    Catrina

    Kasia Swiderska

    Hello Catrina,

    There is no internal server error on your site - did you manage to turn off the MarketPress? Can you contact your hosting provider to check if they have any information about this error?

    Would it help to do a back up from a snapshot? Or would it just have the same problem when I try to upgrade? My last snapshot was before the wordpress and marketpress upgrade.

    Making snapshot before any action on the site is very good idea.

    I tried starting a thread on the forum. Forgive me I didn't know that this and the forum were one in the same.

    Yes, this is the same support forum and staff members are checking other threads.

    This has happened twice during this thread. I give an answer and then I go back later and find that it is not there.

    Did you post your answer through our site? When you click "post" did you see it on the thread? Where there any errors during publishing?
    This is weird and should not happen, but I haven't seen this issue before.

    Kind regards,
    Kasia

    Catrina

    Hi Kasia,
    I'm sorry, I did work on this problem this weekend a bit and I intended to post here and let you know my progress, but I ran out of time.
    I was on the chat with a WPMU helper and also spent some time chatting with someone from my host.
    I got the marketpress plug in deactivated so that I can see my site and controll panel and I talked to him about the PHP version which it seems still was not changed so I think I got it changed to PHP 5.4 now. He also pointed me towards the following error which it seems I can find in my control panel under statistics. Here is the error:
    PHP Parse error: syntax error, unexpected T_PAAMAYIM_NEKUDOTAYIM in /home2/catrina7/public_html/wp-content/plugins/marketpress/includes/common/class-mp-product.php on line 368
    The last time I looked there was a lot of stuff in the debug.log file that you had me make. Do you want me to post that here too?
    In my last post I was asking if you thought I should restore from a previous snap shot not if I should make a new one.
    Next I mad a test site to work with. I downloaded a fresh install of wordpress/WPMU dev dashboard/marketpress/snapshot and smartcrawl which are the only plugins I have on my real site right now. The theme is 2015 right now. I deleted the plugins that come with the wordpress that I don't have on my real site. Then I tried to get my snapshot from drop box but couldn't figure it out as it was not on the list. So that is where I left off.
    My site is visible but it has no marketpress so 0 function and 0 products. Not much help to me.
    Please suggest what I should do next.
    It seems like I am always working on this at the point in my day when I am exhausted so I appoligize. Maybe I forgot to hit post and only hit enter and thought it was posted or something.
    Thanks,
    Cathy

    Ash

    Hello @Cathy

    I hope you are well today.

    Would you please send me admin login details and cpanel details?

    To send me details, please use our contact form: https://premium.wpmudev.org/contact/

    Select: I have a different question
    Subject: Attn-Ash (this ensures that it will be assigned to me)
    Details:
    1. Send all requested details
    2. Send a link of this thread so that I can track
    3. Send any other relevant link

    I will be happy to take a look

    Cheers
    Ash

    Catrina

    Hi Ash,
    Thanks so much for your help on this.
    I called the Bluehost people again this morning and in fact the PHP version was set to 5.3 again rather than 5.4 (previously it was 5.2). I really don't get why this is happening. This is the 4th time I switched it to 5.4 and for some strange reason it keeps reverting to 5.2. I talk to you guys and you tell me that is the problem. I talk to them and they say they have changed it (a couple of times I changed it myself). Then the website seems to work for a little while. It is working now. And then I get busy and don't log in for a few days and then the next time I log in it is the 500 server error again.
    I'm hoping that this will be good now, but do you have any idea why this could be happening? The gentleman from Bluehost said the only reason that he can think of is if I was restoring it from a backup. I considered using a snapshot, but I don't think I ever actually did it.
    Could it have something with the htaccess file that you fixed?
    Thanks again for your help.
    Catrina

    Catrina

    Hi Kasia and Ash,
    Thank you for helping me with this problem in the past, but alas it is still a problem. After the last time we corresponded I checked the website a few days later briefly, maybe checked it 2 or 3 times on different days to make sure it was working but I didn't do anything. It was working. Then today, I actually had a block of time where I was going to be able to work on it and I went to log in and...same thing...the 500 page, it was down again. I contacted my host again and this time php was turned off???? I don't get it. They said it was something with the htaccess file and he changed something. He said he would email me what that change was but so far I have not got that. He implied that he thought it was the back up program. Does snapshot change something in the htaccess file? It seems that something (or someone) is making changes to the php on my account. I have changed it personally to php 5.4 and I have had the help desk do it for me. We have done this multiple times; at least 5. Each time it magically changes back to a previous version and now turned off all together. I have changed my account password multiple times including today. Any ideas what could do something like this?

    So, I thought I would delete snapshot and see if it makes a difference. First, I understand that it would delete all files on the website, but am I right in thinking that there is still a copy in my dropbox right?
    Next, when I went into snapshot to check it out and explore the settings I found a message that I can send to you privately if you like.
    Lastly, when I tried to delete the plug in I couldn't do it. I get the 500 server error page again. However it does not completely break the website. If I use the back button I am back to the dashboard, but the plugin is not deleted. I thought about doing it at the file level but I was afraid I would miss something and really mess things up.

    Please help, I'd really like my website to be able to be updated, so that I can actually sell something during the big shopping season, the next time I have the day off rather than just working on this problem again and again like I have been doing since September.

    Thanks in advance,
    Catrina

    Ash

    Hi @Catrina

    This is a very very strange issue!

    Would you please use cPanel File Manager and go to /wp-content/plugins/ and rename the snapshot folder to something else?

    This will deactivate the plugin. Then check your htaccess again, and confirm you have correct code in there. If needed, change one more time.

    And now, please keep monitoring and we will see if snapshot is the culprit in your case.

    Have an awesome day!

    Cheers
    Ash

    Catrina

    Thanks for helping me Ash.
    I had already deactivated Snapshot via the control panel. It is currently inactive, the thing that I was unable to do was delete the plugin.
    My question is if I am able to delete the plugin will my backups still be in my drop box? I don't know if this matters or not if I can't restore with them, but I really don't understand how this works.
    I looked in my files and it seems I have 9 .htaccess files. I really don't know what they are supposed to say if they are correct.
    The one that is simply called .htaccess says this:
    # Use PHP5.4 ad default
    AddHandler application/x-httpd-php54 .php

    # BEGIN WordPress
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteRule ^index\.php$ - [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    </IfModule>

    # END WordPress

    Six of them are similar and this is an example of what one of them is named: .htaccess.bak.144519176

    and here is what it says in the file:
    # Use PHP5.4 Single php.ini as default
    AddHandler application/x-httpd-php54s .php

    2 or them have old in the name .httaccesold and .httaccess.old

    none of them are the same and not all of them mention php 5.4

    I don't know what the .htaccess file is supposed to say or if there is something wrong with these files. I have read up on .htaccess so I do understand a little bit the purpose of the files. I also don't know if this is something that I should be posting on a public forum.

    The other thing that I mentioned in my post a few days ago is the message on the dashboard when I look at the settings for snapshot. I don't know if this should be posted on a public forum either. I activated snapshot again today so that I could look at the settings and tell you the message and guess what, the message is gone. It was surrounded by a red box and it said something like: I should not use the default snapshot folder because it is in my public folder which could make it open to being compromised. (these were not the exact words just what I remember). It said I should contact my host to move it outside the public folder.

    Also I don't know if this is significant or not, but as I mentioned I changed the main cpanel password again yesterday and today when I tried to log in I accidentally used the old password the first time. I got locked out for 5 minutes saying that I was locked out for excessive log in attempts. I don't remember ever getting locked out before for just one incorrect attempt. Could this mean that someone is trying to use a brute force attack against my account? forgive me if I am overly suspicious, but my website has been hacked before. I don't know if I told you this before, maybe in a different post, but last year it was so badly infected that I had to ditch my multi site and moved to a different server with a dedicated IP and then started from scratch with only my primary site. Since then my site has only been actually working on an occasional basis. Every time I have tried to go in and work on it and try to resume development I find that the site is down again. It has been down with only brief episodes of working since september and has not really worked since my site was hacked last year.
    I am really near the point of ditching everything that is associated with this site....my host, word press and WPMU. Unfortunately I have a fair amount of money invested in WPMU so for a site that has not made a sale in over a year this is a real problem. I am not an expert. I was attracted to wordpress because it was cheap and easy. I have learned a lot over the past few years about digging into the code, but I am by no means an expert. I need software that works without requiring expert knowledge.
    Sorry for complaining and I know you are probably not the correct person to complain to, but I am so frustrated.
    Thanks,
    Catrina

    Rupok

    Hi Catrina

    I'm so sorry for your loss but I'll request you not to give up hope. As you said, you found multiple versions of .htaccess files named as ".htaccess.bak.144519176 , .httaccesold and .httaccess.old" etc. the naming pattern clearly indicates that these versions were created by someone. If a plugin creates multiple version, the renaming pattern would be same for each.

    Yes, your backups will still be available even if you uninstall the plugin.

    Please keep in mind, not only sites get hacked, even servers are compromised sometimes. For example, if a hacker can upload a php file manager shell in one directory, he will be able to get access to all directories under all domains hosted on that server. So, choosing a right hosting provider is very very important.

    Secondly, you should use WordPress security plugins for keeping your site safe from common attacks. "iThemes Security" and "Wordfence Security" are two very popular security plugins for WordPress. Both of them have nearly a million active installations. You can use either of these two.

    Thirdly, please keep your themes and plugins updated always. Don't install any nulled or cracked theme/plugin as they have malicious code inside them and work as a backdoor to hackers.

    So, I'll request you not to give up once again. Just tell us your issues one by one, and I believe, we will be able to help you make a successful website doing awesome business.

    Have a nice day. Cheers!
    Rupok

    Catrina

    So, am I hearing you right that you think my site is hacked again?
    What should my plan of action be?
    I don't have a lot of cash on hand to pay for a repair. Should I delete all of those .htaccess files. Is it likely that I have a bunch of other problems too?
    I have used wordfence before but when I used it is when my site broke the first time I was hacked. I don't know if wordfence broke my site or if it was a coincidence and it was the hacking that broke it. I installed cloudfair around that time too (no longer have that either) so it may have been that they weren't playing well together.
    Should I try to scan and repair my site first? Or, I have spent all weekend researching new hosts.
    I currently use Bluehost and I have been happy with them except that I am getting hacked constantly now. They moved me to a dedicated server but it seems I am still having problems.
    My head is spinning with the choices of a new host. I don't know if I can afford a managed wordpress host, but with all the add ons to stay secure with the current host it may be almost as much.
    If I change should I start from scratch instead of migrating a potentially infected site?
    Please help me with what to do first. I have regular updates and development to do. Maybe starting from scratch with a new host would be best. I really don't like the idea of all that work, but I want a site that is not going to be down most of the time.\
    Thanks,
    Cathy

    Kasia Swiderska

    Hello Cathy,

    This is tough situation, but those things happen unfortunately.
    First thing is to make backup right now, if your site is hacked this backup can be then investigate to check from where infection came - I believe with cPanel you can also do the backups.
    Contact Bluehost and tell them that your site was probably hacked, that there is lots of htaccess files and ask if they can do something about it.
    If they say they cant help, lets try starting from scratch. I know this is annoying, but sometimes its only way.
    Use WordPress export tool, export all your content - and because we don't want to you to upload all the images for your products again, make a localhost (use XAMPP, WAMP, AMPS or MAMP - depending on system you use) WordPress installation, with MarketPress and import to this clean environment your content with images (your site need's to still work to get images).
    On your localhost you can configure and setup again your site and in the meantime, you can remove site from server - all of it. WordPress and its database.
    Then, when you are sure that nothing left from old site on server, change all the passwords to FTP, cPanel, SFTP - and move your site from localhost to server - this time you can upload files and export and import database (remember to change urls to your site after importing DB).
    Make sure your admin username is hard to guess, you have strong password, make sure you have only necessary plugins and only form the good sources.
    And then check if everything works as should.

    Kind regards,
    Kasia