Wordpress sites are failing - "wp-config.php" file disappears off server

November 13, 2018 1.6k views
DigitalOcean WordPress

Hi - I have had multiple Wordpress sites on my server have the wp-config.php disappear.

When I go to my site, I am greeted with “Sorry, I need a wp-config-sample.php file to work from. Please re-upload this file to your WordPress installation.” Is anyone familiar with this problem? It is frustrating as I have attempted to redeploy a wp-config file but I have had no success with it.

Any advice or suggestions would be appreciated!

Thank you

3 Answers

Hey friend,

That doesn’t sound good. I want to prepare you for a situation in which you may need to be looking to your backups and deeply investigating all of the files in your Wordpress installation. What you’ve described sounds like a scenario in which a theme or plugin in the Wordpress instance has vulnerable code and may have been used to compromise your system.

Files generally don’t just go missing, and when PHP files go missing in a Wordpress installation you’ve got a pretty sure bet that it’s the result of vulnerable code which allowed an attacker to execute code on the system.

There is no one right way out of this situation, but Sucuri has a lot of experience:
https://sucuri.net/guides/how-to-clean-hacked-wordpress

As someone who used to clean up hacked Wordpress installs on a daily basis, that Sucuri guide is spot on for what I would advise.

Jarland

Hi Jarland

Thank you for that information I am going to read on what I need to do to resolve these going forward. I was luckily enough to find a ubuntu expert who resolved my site, but this is definitely not the first time it happened to me.

Thank you again Jarland
Nicholi

Take a look at your log files to see what hackers are doing to your website.

WordPress is a favorite for hackers because it has so many vulnerabilities.

I don’t use WordPress, I hate WordPres, but I see plenty of bots trying to find it’s known vulnerabilities on my websites.

Subscribe to security announcements for WordPress, and each WordPress add-on that you use. And keep WordPress, and it’s add-ons up to date.

You could also do some hacking to WordPress to to move files around, and change permissions and such so that only you know how to access the admin parts of WordPress. Most hacking is done by bots, so it’s mainly a matter of outsmarting the bots.

Wayne Sallee
Wayne@WayneSallee.com
http://www.WayneSallee.com

Have another answer? Share your knowledge.