WordPress Error Appeared Out of Nowhere

Howard Bash
Howard Bash used Ask the Experts™
on
All of a sudden a WordPress blog that has been working for several years, with no code changes stopped working.  On running FileZilla I find that all the files have a modified date of 8/8/2013 which makes no sense.

I tried rolling back to the files/folders from two weeks back and still get the same error.  It seems to me like there was a hack and some malware put on the server.  It is at GoDaddy and I think it's a Linux server which I thought couldn't be hacked this way.

The tech support person at GoDaddy tells me that all the PHP files that he and his associate reviewed have garbage on the top of the files which explains why it doesn't work, but not how they were corrupted nor what to do to recover.  I tried rolling back all files and folders to  two weeks back to no avail.

I haven't a clue how to correct and so far neither does GoDaddy.


Here's the error:

Parse error: syntax error, unexpected ';' in /home/content/78/7828678/html/wp-blog-header.php on line 4
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Zephyr ICTCloud Architect

Commented:
Did you have the latest Wordpress, as in, did you update/upgrade regularly?
They could've also hacked your site through a plugin that wasn't updates in a while... as another example.

If your server got hacked, best is to start over again, you might try to do an extended upgrade of Wordpress, where you delete all Wordpress files but keep a backup of your database and such.

More info:
http://codex.wordpress.org/Upgrading_WordPress_Extended

I hope they didn't corrupt your database though.
Most Valuable Expert 2011
Top Expert 2016

Commented:
Another "happy" GoDaddy customer!

First thing I would do is back up the data base (and hope that it is not corrupted by the hack).

Next thing I would do is move the site to one of the recommended WordPress hosting companies.  They are recommended for a reason!  One of the things you will find when you get to a "real" hosting company is that they will be knowledgeable of WP hacks and will warn you if your software is at risk.
http://wordpress.org/hosting/

WordPress gets hacked a lot because novice PHP developers with no understanding of security publish plug-ins.  When an exploit is found in one of these incompetently written plug-ins, it's only a matter of days until every WP site that uses the plug-in has been hacked.  There is no "silver bullet" to fix this problem, and unless you're a PHP security expert you will have to rely on the WP community to help.  NEVER install a plug-in that does not have a large community of users and a reputation for security.
Don't talk to me.
Commented:
WordPress gets hacked a lot because novice PHP developers with no understanding of security publish plug-ins.  

Actually, the more accurate statement is "WordPress gets hacked a lot because attackers who exploit the servers run scripts that modify WordPress installations since so many people use WordPress on shared hosting."

Ray's statement is factually true but given that you are hosted with GoDaddy and their shared server security record is WOEFUL and since all PHP files are modified to the same date (which would not usually be the case with a targeted WP plugin hack) I think Ray's first statement is the most accurate.  Another happy GD customer indeed :)

Hacks to a specific site via an insecure plugin tend to look different.  Typically, your site will be altered to spew attack files or be defaced.  Bringing it down is an amateurish thing.

http://wordpress.org/hosting/

I wish the Codex folks would update that link to reflect recent market trends :/

The hosting companies listed there are...okay.  Both Bluehost and Dreamhost are large shared server environments and suffer from outages and hacks from time to time.  Dreamhost did just roll out specialized WordPress hosting with Stop the Hacker and Varnish caching built in but it's pricier than their normal hosting and not quite as good as WP Engine or Page.ly for specialized WordPress hosting.

-----------------------------

hbash,

Please see this article for steps to remedy:

http://www.experts-exchange.com/Web_Development/Blogs/WordPress/A_10806-Recovering-From-and-Preventing-WordPress-Site-Hacks.html

and also things you can do to harden your installation.  However, if the server itself is compromised and attackers can issue commands there is absolutely nothing you can do other than migrate to a new host.
Howard BashSenior Software Engineer

Author

Commented:
The only solution that has worked for me so far has been to roll back the system (database,etc).

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial