WP URL and Site URL Get Changed Automatically

Keywords: WordPress - AWS - Technical issue - Other

bnsupport ID: 001ba762-6e2f-db60-ad25-3eeb6a5497c9

bndiagnostic output:

? Apache: Found possible issues
? Resources: Found possible issues
https://docs.bitnami.com/general/apps/wordpress/administration/use-pagespeed/#disable-pagespeed
https://docs.bitnami.com/general/apps/wordpress/troubleshooting/debug-errors-apache/
https://docs.bitnami.com/installer/faq/linux-faq/administration/increase-memory-linux/

bndiagnostic failure reason: The suggested guides are not related with my issue

Description:
This is the most weird thing that has happened to WordPress under my watch for over 12 years now. The WP URL and Site URL both get changed to an alien URL. This has happened twice in the last week or so. Each time, I have to go to phpmyadmin and fix the URL in the dashboard. Can someone please explain why and how is it happening?

Hi @sabeeh

Thank you for using Bitnami WordPress and sorry to hear that!

It is bizarre in fact. The configuration of your instance should only be changed by you, a person having access to your machine (either consciously granted by you or an attacker that has successfully obtained access), or some other configured, automated scripts/cronjobs executing from within.

In order to reduce the risk of attackers, it is important to keep components up to date. I can see that you are running an old version of the Bitnami WordPress stack. Since then, a lot of components have released updates (including security updates in the case of Apache). I recommend you launch a new (updated) instance, migrate your data over there and see if the problem persists.

Best regards,
Jose Antonio Carmona


Was my answer helpful? Click on :heart:

While I’m doing exactly that; launching a new instance with the updated stack and moving my files and database over. I’m wondering, is there no way I can update the current instance to the latest release instead of setting up a new one?

On the original issue; I agree with you and that’s why the whole URL change is both alien for me as well as scary. After the first happening, we went through the users thoroughly, installed WordFence, ran highest level scans and even replaced plugins that WordFence thought were medium risk but were abandoned from the latest releases. Even then it didn’t protect us from it happening again. I have this question related to this; are remote db connections a possibility? Can someone connect to the database powering bitnami wordpress from a remote server with permissions to edit?

Thank you,
Sabeeh.

I’m wondering, is there no way I can update the current instance to the latest release instead of setting up a new one?

The recommended procedure is to launch a new instance and perform a migration. By doing so, not only will you ensure that a specific application (like WordPress) is updated, but the rest of the components shipped with the stack are as well.

are remote db connections a possibility? Can someone connect to the database powering bitnami wordpress from a remote server with permissions to edit?

Though remote connections to the database are possible, this is explicitly disabled by default. That means that external connections are not allowed unless otherwise configured. More info at:

https://docs.bitnami.com/google/apps/wordpress/administration/connect-remotely-mariadb/

As you mentioned you have launched a new instance, have you experienced the same behaviour this time? We also have a guide covering how to Secure WordPress, though it is based on WordFence (and seems you already had this feature enabled)

https://docs.bitnami.com/google/apps/wordpress/troubleshooting/enforce-security/

Best regards,
Jose Antonio Carmona


Was my answer helpful? Click on :heart: