All Plugins Got Deactivated

[Living Miracles]

Hi,

On two of my sites, over the past two days, somehow all the plugins got deactivated and basically left the sites looking “bad.” I’m wondering if there is any way BPS Pro could have anything to do with this? It’s a long shot, but I felt to ask. I connected with my hosting provider, and they said there is no way it could be server-related. They said, it would be either me or my colleagues disabling the plugins/plugin folder or making some change in the database to disable all the plugins (neither of these have happened). The other suggestion they gave, was that the site has been hacked/has malware.

Any thoughts?

Thank you!

[AITpro Admin]

The only possible security feature in BPS Pro that could do anything similar to something like that would be AutoRestore|Quarantine.  Did you recieve any email notifications about files being quarantined?  Do you see any files in Quarantine?  You can also check this AutoRestore|Quarantine log file using FTP:  /wp-content/bps-backup/logs/autorestore_log.txt

[Living Miracles]

Hi,

Thanks. There were no quarantined files today (for the site where the issue happened this morning). The only thing in the log are from two days ago:

[Root File AutoRestore Logged: 28 november, 2016 12:22 am]
Quarantined Filename: gd-config.php
Quarantine Path: /home/content/xxxxxxxxxx/xx/xxxxxxxx/html/wp-content/bps-backup/quarantine/root-files/gd-config.php
Restore Path: /home/content/xxxxxxxxxx/xx/xxxxxxxx/html/gd-config.php

[wp-content File AutoRestore Logged: 28 november, 2016 6:57 pm]
Quarantined Filename: object-cache.php
Quarantine Path: /home/content/xxxxxxxxxx/xx/xxxxxxxx/html/wp-content/bps-backup/quarantine/wp-content/object-cache.php
Restore Path: /home/content/xxxxxxxxxx/xx/xxxxxxxx/html/wp-content/object-cache.php

Those are the last two entries in the log; so nothing has been quarantined for 2 days.

[AITpro Admin]

I assume this is a Go Daddy Managed WordPress hosting account (special type of hosting that is not standard Go Daddy hosting) since the gd-config.php file exists and was quarantined.  To exclude dynamically updated files from being checked and quarantined by AutoRestore see this link for how to create AutoRestore single file exclude rules:  http://forum.ait-pro.com/forums/topic/autorestore-quarantine-guide-read-me-first/#autorestore-exclude-rules  You would also create a single file exclude rule for the object-cache.php file.

I doubt that this had anything to do with malware or the site being hacked because hackers do not want you to know your website is hacked since that would defeat their intended purpose.  The other 2 things your host mentioned are common things that can cause all plugins to be deactivated.  Example:  If you rename the WordPress /plugins/ folder and then login and go to the WordPress Plugins page then all plugins will be automatically deactivated.

[Living Miracles]

Thanks; yes it’s a both sites in question are GoDaddy MWP sites. Thanks for the link to exclude those dynamically created files from ARQ.

I understand the issue of renaming the WordPress /plugins/ folder and that that would cause the plugins to be disabled; but what I’m saying is that neither I nor my colleagues renamed the plugins folder, so I’m just trying to track down what else could cause all of our plugins to be deactivated. I’m glad you mentioned though, that’s it’s probably not hacked, since hackers wouldn’t want it to be obvious that the site was hacked.

Any other thoughts on what could have caused this?

Thank you!

[AITpro Admin]

The only other logical guesses I have are your host did some sort of file migration or your host did some sort of database migration.  Other than that I cannot think of anything else besides what your host support folks already stated.

Hmm maybe the gd-config.php and object-cache.php files being quarantined could be related to whatever caused the plugins to be deactivated.  The scenario would be that GDMW hosting dynamically updated those files and they were quarantined and autorestored with older versions of those files from AutoRestore backup.  So what you would need to ask GDMW hosting is if this particular scenario occurred, is it possible that older versions of these files could cause a problem like this.  The timing is pretty recent, but logically I would think these files would not have the capability to cause this problem.  Since these files are specific to GDMW hosting then you would need to ask them if this scenario is even possible.  Probably not, but definitely worth asking about.

hmm yeah seems like maybe GDMW hosting did do a database upgrade in the last 2 weeks.  😉  found this below…

“…over the last 2 weeks. It’s their attempted upgrade to their mysql. Object caching failure I’m told by somone there.”

[Living Miracles]

Ok, thank you!!

[Living Miracles]

I’ve been trying to get the /gd-config.php and /wp-content/object-cache.php files excluded from ARQ, but no matter how I enter the file path, I get the same error; that whatever I used is not a valid file path. I read through this  http://forum.ait-pro.com/forums/topic/autorestore-quarantine-guide-read-me-first/#autorestore-exclude-rules and the Read Me on the ARQ Add|Exclude Other Folders & Files page; I’m following these instructions:

1. Go to the AutoRestore page and turn Off AutoRestore.
2. Go to the Quarantine page and restore the error_log file that was quarantined.
3. Go back to AutoRestore > click on the Add|Exclude Other Folders & Files tab page > under the Exclude Folders & Files form > select Exclude an Individual File > Enter an Exclude Folder or File Path: /xxxxx/public_html/error_log
4. Click the Exclude button.
5. Turn AutoRestore back on.

I’ve tried the following file paths:
/home/xxxxxxxxxxxxxxxx/html/gd-config.php
/xxxxxxxxxxxxxxxx/html/gd-config.php
/html/gd-config.php
/gd-config.php

Those are the file paths as I see them through FTP. Each one resulted in the same error, that the file path wasn’t valid. Can you tell me what I’m missing here?

Thank you!

[AITpro Admin]

When a file is quarantined, the file path is logged in the Quarantine Log file.  You can get the file path from the Quarantine Log.  What exactly does this mean “I’ve been trying to get the /gd-config.php and /wp-content/object-cache.php files excluded from ARQ”.  Are you trying to add single file exclude rules or are you trying to remove single file exclude rules that you added previously?

[Living Miracles]

Thanks. I’m trying to add single file exclude rules. I just checked the Quarantine log and found a line for the “Quarantine Path” and the “Restore Path”. I’m guessing I want to use the “Restore Path”? Here’s the restore path I found (I replaced specific numbers with ‘x’):

Restore Path: /home/content/xxxxxxxxxxxxxxxxxx/xx/xxxxxxx/html/gd-config.php

Which piece of this line do I need to use for the exclude rule?

[AITpro Admin]

Correct, the Restore Path is the original path where the file existed before it was quarantined.  You would use the entire restore path for the AutoRestore single file exclude rule.  Note:  The file MUST actually exist/have been restored first before you try to create your AutoRestore single file exclude rule.  If you already deleted a file you can manually create/copy/upload a new file, then create your single file exclude rule.

[Living Miracles]

Ok, perfect. That works! Thank you for the clarification.

[Author]

Posts