Website hacked due to Hybrid Composer vulnerability. Fix and recommendations here.

  Public Ticket #2115032
Composer/Classic layout


  •  1
    jamingnet started the conversation

    I've been having bad experiences about changing classic layout from Composer layout automatically. Once it goes to classic layout, all the layout from Composer were gone. I had to create staring over again. 

    Please let me know how to avoid this issue.

    Thank you very much.

  •  440
    Gabriel replied

    Hi, the most common way of corrupting the page json is by adding <script> tags inside Code Block elements. For scripts I recommend this plugin:

    If that's not the case on your end, let me know and I will check.

    Also, if this happens again, create an admin user for me and I will recover your data.

  •  1
    jamingnet replied

    I have installed and activated the plugin. could you tell me what to insert or do after this?

    I would appreciate your help.

  •  440
    Gabriel replied

    The only thing you need to be careful with is inserting custom code in the page editor.

    Codes like:


    can be added using WordPress Editor elements.

    <script> codes always need to be added outside the page editor and best way is using Insert Headers & Footers plugin.

    Other than that, it should work fine.

    If you experience this again using regular page elements and content, please create a temp admin for me to take a look, as this is not a normal behaviour.

  •   jamingnet replied privately
  •  440
    Gabriel replied

    Hi, I've disabled Gutenberg editor from theme options.

    This is the new default editor from WordPress. We updated the theme in v.1.10 so it would be compatible with this editor, but it still causes problems when used with other plugins.

    See if it works fine now. I couldn't find the page you mentioned (used search).

    If you still have issues, we'll look for another solution.

  •   jamingnet replied privately
  •  440
    Gabriel replied

    It's fixed.

    Free membership page went ok. Paid membership page had this in the text list: 

    <a href="\"http: //\"">リンク</a> | <a href="\"mailto:\"">コンタクト</a>

    That's why it broke the page.