WP Pages load reaaaly slow now...randomly broke
-
SkinnyGeek1010
MemberI recently broke my server :) ... I think.
For weeks all was well and 2 days ago I was posting pages/posts as normal (in Wordpress). All of a sudden today the pages take 50+ sec. to load. I disabled all plugins, still slow. I switched to the twenty ten, and all is fast. Odd, but it gets weirder. I deleted my old theme, re-uploaded and tried it....slow.
I then restored my linode to 3 days ago with their snapshots. It still has the same problem! At that time i'm positive it was working fine. This is what really confuses me, as it should be working just as it did 3 days ago...correct?
Any ideas on what to do? The theme worked fine for 3+ months, is there a bigger problem (ie. server) or is this a bad theme?
Posted 11 months ago # -
cdroo
Member@Skinny
If 2010 is running fine and your other theme is still slowing things down then it's a pretty fair bet it's the theme. Look for encrypted code inside your theme (I'm guessing its a freebie?). It could be do all manner of nefarious things. A reason why I either code my own (ie with Thesis as a base) or purchase premium subscriptions (ie Woothemes).
If indeed its your theme - and with the behavour you descrive I'd be looking at a fresh install personally, dumping the db after exporting from WP using the XML format that comes with WordPress. Then reinstalling everything fresh, finally importing the WordPress XML backup.
Posted 11 months ago # -
SkinnyGeek1010
Member@cdroo
Thanks for the advice! I didn't even realize WP had that export feature.
I'm not terribly attached to the theme, it is a stepping stone until I can make one from scratch (need to learn some PHP first). It was a paid theme from ThemeForest, though very code heavy.
If I just ditch the theme, will I be ok in the future? Or should I wipe everything to eliminate any bad joo joo?
Posted 11 months ago # -
hey Skinny,
+1 for cdroo's remarks. Sounds like a compromised theme. Could be many things. Doesn't sound like a server issue. Maybe you should just swap theme, maybe you should just reinstall. Then again, swap or not, it's best to find out what happened so you can ensure it doesn't happen again. Here's a start ...
*backup everything first .. mark it suspect though. do you have other backups, the database especially, pre-problem? lemme know.*
1. Having activated a temporary theme that works properly, install the "theme preview" plugin, previewing the affected theme (only you will see it) and then check the site's access and error logs like this:-
tail -100 /home/USER/public_html/log/error.log
tail -100 /home/USER/public_html/log/access.log-100 throws up the last 100 entries, for example.
Look for anything unexpected that resolves, such as a remote URL pointing to a file (Remote File Include attack) or one pointing to a local system file (Local File Include attack). An unsuccessful LFI attack could well be what's slowing down the pageload, for example trying to open your /etc/shadow (server user passwords) file.
Logs can be a bit of a headspin (an important one). Here' a help:-
Hack Attempt Identifier - http://25yearsofprogramming.com/
javascript/hackattemptidentifier.htm
`
And here's another shortcut to root out dodgy code ...2. Install and run the WordPress Exploit plugin:-
http://wordpress.org/extend/plugins/exploit-scanner
Analyse the suspect entries. Take your time.
3. Look for file changes:-
find /path/to/theme -type f -mtime -5 –print
That checks for any file changes in some theme path over the last 5 days. There should be none unless you edited a file. If the problem's been hanging about for, say, ten days, then change -5 for -10.
4. Compare file differences. With the known good theme files and the known problem theme files in their respective folders in the same directory:-
diff -r /path/to/folder1 /path/to/folder2
5. Check with the theme developer and that community for recent issues. Unless it's really valuable to you somehow, maybe just swap the theme.
If problems persist there's an underlying issue, else one that's spread via a Privilege Escalation attack and, as cdroo says, you may have to reinstall, using that export/import feature (the big question now being, was your database corrupted!? It doesn't sound like it, from what you say .. sounds like some theme file code injection only, maybe an iframe attack, say).
Under the circumstances, I'd change all passwords as well, all unique, all damn complex (use LastPass, IMHO). That's server, MySQL databases, Dashboard, phpmyadmin, (S)FTP and any other panels. Ensure you have SSH hardened and only use authentication keys. I'd change the wp-config secret keys, check for strange new administrators/editors in the Dashboard, for new plugins by doing this from a MySQL shell:-
use [DB NAME];
SELECT * FROM wp_options WHERE option_name = 'active_plugins';.. swap wp_ for your table prefix, which hopefully isn't left at its wp_ default ;)
If you're running Apache you should check your htaccess file for strangeness, particularly for odd urls and ensuring you scroll to the very bottom of the file.
Note that this lot assumes the problem hasn't spread and only affects a single theme, at least for now. If it has spread then this is only part of the trouble-shooting process :P
Posted 11 months ago # -
SkinnyGeek1010
MemberWOW, thanks Guv!
Ah, yes backups, I do have plenty of those. Tarballs and linode snapshots.
Kind of weird, but now the problem theme is working just fine. I also tried various other free themes and those worked just fine. I needed to build my own anyhow :D
Even though it is working now... I will tryout your suggestions this weekend! Better safe than sorry.
Posted 11 months ago #
Reply
You must log in to post.
Want HTML?
a blockquote code em strong ul ol liPlace code between backticks `codeHere`
You've got it.