5

I created a website for a small bed and breakfast, but I found a problem, and I don’t understand whether it depends on WordPress or the server.

This website uses a pop-up animation to show the room description. The problem is that this popup has stopped working in the last week. From the browser console, I noticed that the whole thing depends on a 404 error (admin-ajax.php not found). Here is the detail:

jquery.js?ver=1.12.4:4 POST http://lettoacastello.net/wp-admin/admin-ajax.php 404 (Not Found)
send @ jquery.js?ver=1.12.4:4
ajax @ jquery.js?ver=1.12.4:4
(anonymous) @ script.js?ver=4.9.1:207
dispatch @ jquery.js?ver=1.12.4:3
r.handle @ jquery.js?ver=1.12.4:3

To be able to solve the problem temporarily, I simply reinstall WordPress from the dashboard. The problem doesn’t occur again for a whole day, all works fine! But the next day it all starts over and the problem presents itself again (this cycle continues like this every day). For this reason I do not understand if it is a server problem or not.

One last very important thing. The popup has no problems if I am logged into the WordPress admin panel (the browser recognizes the “admin-ajax.php” file).

The code was not written by me (the developer says that the problem does not depend on him).

However, I believe this is the portion of code that controls the room popup:

jQuery(document).ready(function($){

    // Load the room details into the modal when a room button is clicked
    $('.special-room button.btn, .rooms-sec button.btn').live('click', function(e){
        e.preventDefault();
        $('#room.modal').html('');

        var thislink = this;
        var page_id = $(this).data('id');

        // POST to ajaxurl, which resolves to /wp-admin/admin-ajax.php (see the console output above)
        $.ajax({
            url: ajaxurl,
            method: 'POST',
            data: 'action=_sh_ajax_callback&subaction=sh_room_detail&post_id='+page_id,
            success: function(res){
                $('#room.modal').html(res);
            }
        });
    });

});

Please, can I ask you for help? Unfortunately I’m not very technical.

Thank you

3 Answers

3

I am taking this out of your comment:

Thanks @NicoHaase and @LawrenceCherone! After tinkering a bit with the admin-ajax.php file, I found the string that causes the problem. If I remove it, everything works correctly until the next day, when the string is automatically recreated.

The problem is that your website got hacked, and a script/software is injecting your website with this code.
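
The symptom in this thread, a core file that is changed again a day after being restored, is what a file-integrity check catches. The following is an added example, not code from the question or the answers: it hashes a known-clean copy of the same WordPress release and reports live files that were modified, are missing, or were never part of the release. The directory layout and file contents inside `demo()` are constructed stand-ins.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()


def build_manifest(root: Path) -> dict:
    """Map relative path -> SHA-256 for every file under root."""
    return {p.relative_to(root).as_posix(): sha256_of(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def audit(live_root: Path, manifest: dict) -> dict:
    """Compare a live tree with a clean manifest."""
    live = build_manifest(live_root)
    return {
        "modified": sorted(p for p in manifest if p in live and live[p] != manifest[p]),
        "missing": sorted(p for p in manifest if p not in live),
        "unexpected": sorted(p for p in live if p not in manifest),
    }


def demo() -> dict:
    """Constructed sample: a clean tree and a live tree with two changes."""
    with tempfile.TemporaryDirectory() as tmp:
        clean, live = Path(tmp, "clean"), Path(tmp, "live")
        files = {  # stand-in contents, not real WordPress source
            "wp-admin/admin-ajax.php": "<?php\n// core AJAX handler (stand-in)\n",
            "wp-includes/version.php": "<?php\n$wp_version = 'x.y.z';\n",
        }
        for root in (clean, live):
            for rel, body in files.items():
                target = root / rel
                target.parent.mkdir(parents=True, exist_ok=True)
                target.write_text(body)
        # Reproduce the symptom: a foreign first line in admin-ajax.php.
        ajax = live / "wp-admin/admin-ajax.php"
        ajax.write_text("<?php /* constructed foreign line */ ?>" + ajax.read_text())
        # A file that was never part of the release.
        (live / "wp-includes/extra.php").write_text("<?php // constructed stray file\n")
        return audit(live, build_manifest(clean))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

On a real site, point `audit()` at `wp-admin` and `wp-includes` only, since `wp-content` legitimately holds themes, plugins and uploads that are not in the release. Because the string in the thread is recreated daily, the `unexpected` list matters as much as `modified`: restoring one file does not remove whatever rewrites it.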


1

If everything works when you are logged in, this is not a direct problem of your code, but a security issue: of course you are not allowed to call any stuff in /wp-admin/ (which is the folder for backend actions) if not logged in, but your code does not handle that very well.

If you need to run this without a login, some more work has to be done in PHP code. But helping out is difficult if we cannot see that code.

4 Comments

you would think, but wp-admin/admin-ajax.php is both for front end and backend ajax calls :/ though you're meant to do if ( is_admin() ) {//back} else {//front} - codex.wordpress.org/AJAX_in_Plugins
If it could be useful, I share with you my "admin-ajax.php" file. dropbox.com/s/ftez6ctvnxri84q/admin-ajax.php?dl=0 Any hint?
Thanks, @LawrenceCherone - I was not aware of that... but that page gives the hint that the plugin @Meng uses should register itself for the hook wp_ajax_nopriv_sh_ajax_callback, and probably has only done so for wp_ajax_sh_ajax_callback
Thanks @NicoHaase and @LawrenceCherone! After tinkering a bit with the admin-ajax.php file, I found the string that causes the problem. If I remove it, everything works correctly until the next day, when the string is automatically recreated. If you see the file that I have shared with you through Dropbox, you will see that the first string is very strange (<?php $bfpsecprsc_cookiename = "btpsecprwp" etc...). I am not very expert in coding, but what can this string be linked to? Malware?

0

In the file wp-admin/.htaccess, comment out the lines: #Order Allow,Deny and #Deny from all. Example:

<FilesMatch ".*\.(phtml|php)$">
#Order Allow,Deny
#Deny from all
</FilesMatch>
<FilesMatch "(index).php$">
#Order Allow,Deny
#Allow from all
</FilesMatch>

Greetings from Peru :D
