Find solution
How to modify PATH variable for X11 during log-in?

WordPress malware. I can't log in. Help!

  • My beloved website, http://www.microhorror.com/, seems to have been infected with malware, and I can't log in to WordPress. Please help! When I go to the site, this is displayed in the header:Warning: file_exists() [function.file-exists]: open_basedir restriction in effect. File(/f2/microhorror/public/microhorror/wp-content/plugins/wp-malwatch/modules/.DS_Store/.DS_Store.php) is not within the allowed path(s): (/f2/microhorror/:/nfsn/apps/php53/lib/php/:/nfsn/apps/php5/lib/php/:/nfsn/apps/php/lib/php/) in /f2/microhorror/public/microhorror/wp-content/plugins/wp-malwatch/wp-malwatch.php on line 101When I click to log in to WordPress, it displays this above the log in panel:Warning: file_exists() [function.file-exists]: open_basedir restriction in effect. File(/f2/microhorror/public/microhorror/wp-content/plugins/wp-malwatch/modules/.DS_Store/.DS_Store.php) is not within the allowed path(s): (/f2/microhorror/:/nfsn/apps/php53/lib/php/:/nfsn/apps/php5/lib/php/:/nfsn/apps/php/lib/php/) in /f2/microhorror/public/microhorror/wp-content/plugins/wp-malwatch/wp-malwatch.php on line 101 Warning: Cannot modify header information - headers already sent by (output started at /f2/microhorror/public/microhorror/wp-content/plugins/wp-malwatch/wp-malwatch.php:101) in /f2/microhorror/public/microhorror/wp-login.php on line 368 Warning: Cannot modify header information - headers already sent by (output started at /f2/microhorror/public/microhorror/wp-content/plugins/wp-malwatch/wp-malwatch.php:101) in /f2/microhorror/public/microhorror/wp-login.php on line 380When I actually try to log in, it displays this, and the whole thing fails:Warning: file_exists() [function.file-exists]: open_basedir restriction in effect. File(/f2/microhorror/public/microhorror/wp-content/plugins/wp-malwatch/modules/.DS_Store/.DS_Store.php) is not within the allowed path(s): (/f2/microhorror/:/nfsn/apps/php53/lib/php/:/nfsn/apps/php5/lib/php/:/nfsn/apps/php/lib/php/) in /f2/microhorror/public/microhorror/wp-content/plugins/wp-malwatch/wp-malwatch.php on line 101 Warning: Cannot modify header information - headers already sent by (output started at /f2/microhorror/public/microhorror/wp-content/plugins/wp-malwatch/wp-malwatch.php:101) in /f2/microhorror/public/microhorror/wp-login.php on line 368 Warning: Cannot modify header information - headers already sent by (output started at /f2/microhorror/public/microhorror/wp-content/plugins/wp-malwatch/wp-malwatch.php:101) in /f2/microhorror/public/microhorror/wp-login.php on line 380 Warning: Cannot modify header information - headers already sent by (output started at /f2/microhorror/public/microhorror/wp-content/plugins/wp-malwatch/wp-malwatch.php:101) in /f2/microhorror/public/microhorror/wp-includes/pluggable.php on line 680 Warning: Cannot modify header information - headers already sent by (output started at /f2/microhorror/public/microhorror/wp-content/plugins/wp-malwatch/wp-malwatch.php:101) in /f2/microhorror/public/microhorror/wp-includes/pluggable.php on line 681 Warning: Cannot modify header information - headers already sent by (output started at /f2/microhorror/public/microhorror/wp-content/plugins/wp-malwatch/wp-malwatch.php:101) in /f2/microhorror/public/microhorror/wp-includes/pluggable.php on line 682 Warning: Cannot modify header information - headers already sent by (output started at /f2/microhorror/public/microhorror/wp-content/plugins/wp-malwatch/wp-malwatch.php:101) in /f2/microhorror/public/microhorror/wp-includes/pluggable.php on line 876I'm trying not to panic. Please tell me how to rescue my site!

  • Answer:

    Yes, it's wp-malwatch. Remove its folder, and the problem should go away. It's a very old plugin and doesn't seem to have any support.

Faint of Butt at Ask.Metafilter.Com Visit the source

Was this solution helpful to you?

Other answers

I don't know that you actually have a malware. Looks more like your plugin is misbehaving. I'd start by FTPing to the site and removing the folder at: wp-content/plugins/wp-malwatch Then try logging in.

humboldt32

Do you have ssh access to the server?

pharm

Thanks, folks. I deleted the plugin and that solved the problem. I then proceeded to upgrade WordPress, and now I have a new problem. When I try to edit a post, the field that should contain the post text is completely blank. I opened a http://wordpress.org/support/topic/editing-pages-and-posts-just-creates-a-blank-field, but maybe you have an idea.

Faint of Butt

Standard debugging advice: disable plugins and set to a default theme and see if you have the issue, gradually reenable things and narrow down the source of this secondary problem.

artlung

Thanks, artlung. It didn't help.

Faint of Butt

I fixed the blank-field problem by downgrading, but now I have yet another new problem. Special characters are being replaced by question mark/diamond glyphs: � They used to display just fine. Research indicates this has something to do with character encoding in phpMyAdmin? Explain like I'm five, please.

Faint of Butt

Could be one of several things. I'd need to explore the server, the theme, the database, and understand how you got to where you are. Could be the wrong encoding on your database but if it was working before it's not definite. I don't think I can be productively helpful in this thread. My contact info in my MeFi user profile if you want to reach out.

artlung

Related Q & A:

Just Added Q & A:

Find solution

For every problem there is a solution! Proved by Solucija.

  • Got an issue and looking for advice?

  • Ask Solucija to search every corner of the Web for help.

  • Get workable solutions and helpful tips in a moment.

Just ask Solucija about an issue you face and immediately get a list of ready solutions, answers and tips from other Internet users. We always provide the most suitable and complete answer to your question at the top, along with a few good alternatives below.