Issue Issue with WP / WP Toolkit: wp-config.php suddenly empty without other suspicious activities

[B_P]

Server operating system version

Ubuntu 22.04

Plesk version and microupdate number

18.0.70 Update 1 Web Pro Edition

Hi all,

Today I figured out that one of the subscriptions on my server has an error, namely that WP is not working correctly any more.
WP toolkit reports that the page is damaged and provides the additional hints (translated from German to English):

WP Toolkit has found WP files under the following path: /var/www/vhosts/<customername>/<docroot>

This WP page does not seem to work. Try to restore the page from a backup or remove redundant files.

Additional details: "Error: Strange wp-config.php file: wp-settings.php is not loaded directly."

When looking into the folder, the file wp-config.php is completely empty.

 

[Sebahat.hadzhi]

Hello, @B_P . The website might be compromised. If you have a backup copy, I would suggest trying to restore one. If not, what I can suggest is coping the content of the wp-config-sample.php into wp-config.php and updating the database connection details according to domains > examle.com > Databases > Connection info.

 

[jopple]

Thanks for the info, Sebahat. I’m seeing the same issue on one of my subscriptions, too. wp-config.php is suddenly blank, and no other obvious signs of compromise. I’ll try the workaround with wp-config-sample.php for now and see if it helps get things running again. Curious if anyone figured out what might have caused this in the first place? It would be good to prevent it from going forward.

 

[Sebahat.hadzhi]

I would recommend you to review the access logs of the website in order to determine if there were any abnormal activities. Also, performing a full scan of the affected websites is not a bad idea. And the essentials, such as ensuring WP core, themes, and plugins are all up to date, resetting your WordPress admin passwords.