Tagged: Wordpress site hacked
December 9, 2013 at 4:31 pm #77900
Help! I think one of my WordPress sites was hacked. I can't get into it with the password (I was able to get in Saturday) and it will not recognize either one of my email addresses to reset the password. Yesterday I did get a warning that someone had requested a password reset on one of my other sites and I just ignored it because it wasn't me. That one I can still get into.
How can I regain control of my site?? I do have access to the server where it is hosted. But I am not very sophisticated on all this tech stuff, so I need really simple explanations please.
http://tuscanyvillagehomes.orgDecember 9, 2013 at 4:34 pm #77902Brad DaltonParticipantDecember 9, 2013 at 5:11 pm #77914
What is the emergency password reset script? I did try to use the password reset but it did not recognize my email addresses or user name.
I can access the web host server through the c panel. What do I need to do there? again, I am not very technical so a simple explanation?
December 9, 2013 at 5:17 pm #77915
By the way, Brad, thanks for trying to help me!! I sure do appreciate it.
December 9, 2013 at 5:31 pm #77916
If you're not comfortable technically with using phpMyAdmin to manually edit and update the user tables in the database to regain access, your best bet may be to contact your hosting provider, tell them what's happened and let them handle it for you.
December 9, 2013 at 5:38 pm #77917eamonmoriartyParticipantDecember 9, 2013 at 6:04 pm #77921
I was able to access phpMyAdmin and locate the databases. There are two for this site, and both have the correct email addresses attached to them under "users". So why can I not reset the passwords in tuscanyvillagehomes.org/wp-admin using the password resets? Neither one of the email addresses is being recognized?
December 9, 2013 at 7:26 pm #77933
There used to be a trick where added non-printable characters make the email addresses not match.
You can edit the wp_users table and edit the user_email field for the user you want, delete what's there and retype it in then try the password reset again, see if that works?
Also, check your WP files in file manager to make sure none of those have been compromised.
December 9, 2013 at 7:58 pm #77939
Thanks for all the suggestions, everyone. I do appreciate the help. I went in and edited the phpMyAdmin databases, retyped in the email addresses and generated the passwords using the link from the page Eamon sent me. I still can't get into the site and it still does not recognize the email addresses I have used. Any other ideas?? I guess as a last resort I could totally reinstall it from a backup? That should contain the correct user info, yes? I always hate to do that, though.
December 9, 2013 at 8:22 pm #77943
And you're sure you're editing the tables in right databases for the sites? Otherwise it doesn't make sense that that trick didn't work. Was your wp-config compromised at all?
If you have a backup of the database, you could try copying the user info from the old into the new, see if you can then get in using your old password. Once you get access again, make sure you change your database passwords just in case.
December 9, 2013 at 8:33 pm #77945
How would I tell if the wp-config was compromised? I just finally took your suggestion and emailed my hosting company to see if they could help me. I am pretty sure I was in exactly the right place. The screens looked the same as the one in the sample at http://www.wpbeginner.com/beginners-guide/how-to-reset-a-wordpress-password-from-phpmyadmin/ There were two databases for this site, so I edited both of them to be on the safe side.
December 9, 2013 at 9:57 pm #77956December 9, 2013 at 10:05 pm #77959
I open up the cpanel for the site, click on phpMyAdmin and then click on databases. It shows three actually, but the first one is the schema for wordpress. The other two are Tuscany_1 and Tuscany_2. Under the first one I clicked on wp_users and under the second one I clicked on wp_tuscanyusers. They both give me the options to edit the username and password. Does that sound right?
December 9, 2013 at 10:29 pm #77962
As long as you're editing the table in the database that's defined in the wp-config, then that's what should work. If you stuck to defaults on your install, then wp_users is the table you want.
December 9, 2013 at 10:40 pm #77965
My hosting company is saying that it looks like the users were deleted, but when they tried to do a reinstall of the user info from the 7th, it had the same issue. (I actually edited this site on the 8th so I know it was working then.) They are going to try from two previous installs, but if the one from the 7th didn't work, I have no idea why the earlier versions would. Help! Now I don't know what to do.
December 9, 2013 at 10:42 pm #77966
I have a backup buddy from November 30th. If I totally uninstall the site and put up the backup do you think that would work? I already copied the posts since then, so I would have to go back and put those up again, but I can do it.
December 9, 2013 at 11:16 pm #77974
Have you scanned the site or has the hosting provider checked your logs? It might be a good idea, because at this point it's possible that whatever they used to hack your site might be lurking in a backup if a previous db didn't work.
This is a highly recommended free scanner: http://sitecheck.sucuri.net/scanner/
Actually, it says your site is clean but out of date. Weird. Maybe this is just a case of a database being in need of repair?
December 9, 2013 at 11:27 pm #77975
No idea. I am a relative WP newbie. They are going to try restoring the whole site next. I totally appreciate you help Summer. Will let you know if that works.
December 10, 2013 at 10:02 am #78065
They ended up reinstalling the site from a backup - they think it had something to do with a server glitch from the logs. At least I know it wasn't a hack, which would be scary. And now I know how to change the password on the server for the future (my web host said I was doing it the right way but the server glitch prevented success in this case) and I have a link to a site scanner too. I am very appreciative of everything you all did to try and help me!!!
December 10, 2013 at 10:15 am #78071
- The forum ‘General Discussion’ is closed to new topics and replies.