• So I got hacked. Fixed all the crap that I can find that they put on the website before the client saw. BUT whoever hacked it locked my username (only one on the account) out of being able to edit the template, add/delete plugins, and other important edits. Says I am administrator but seems like they changed what roles can do what. I can't add plugins to fix it. What do I do? I can't reinstall the site. This is an up-and-running business that can't go down for even an hour.

Viewing 3 replies - 1 through 3 (of 3 total)
  • Moderator bcworkz

    (@bcworkz)

    If all the roles and capabilities are the defaults and have not been altered, you could copy the options table entry from another unaltered WP installation. You could create one on your local computer or create one in a sub-directory of the web server. The option with all the roles and capabilities is “wp_user_roles”. The data is accessed and edited through the phpMyAdmin app, usually accessed from your hosting control panel.

    You should also verify the “wp_capabilities” usermeta value for your user ID also matches that of a clean, unaltered WP installation.

    If you still have trouble after restoring those values there is likely other hacked code that you missed somewhere. It’s often difficult to successfully do a manual clean up unless you are an expert in such matters. Hidden backdoor code can be very difficult to find. With any remaining backdoor code, reinfection is likely no matter how much security you add.

    Thread Starter williamgarrisonarts

    (@williamgarrisonarts)

    I can't seem to find the wp_user_roles in here (phpMyAdmin). Admittedly I'm not very experienced poking around in it. Additionally, is it normal to have the sidebar where you navigate the folder or panel structure say something to the effect of wp_7vg8e_users instead of just wp_users? Didn't know if that was a problem.

    Moderator bcworkz

    (@bcworkz)

    You apparently have “wp_7vg8e_” assigned to $table_prefix in wp-config.php. While not the default, it’s fine. Hosts who offer WP specific hosting with it preinstalled or one click away will often use prefixes like that.

    The wp_user_roles record is actually in the wp_7vg8e_options table. The wp_capabilities record is in the wp_7vg8e_usermeta table. If by chance such records are completely missing from the table in which they should occur, you should enter a new record at the end of the table. Be very sure there is no such existing record by using the search tab. Get the appropriate values from a fresh WP installation.

    Since you are new to phpMyAdmin, it’d be a good idea to make a backup export of the affected tables before you make any changes.
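
The lookup and restore described in the replies above, written as SQL for phpMyAdmin's SQL tab. This is an added example, not part of the original thread. WordPress builds both key names from `$table_prefix`, so with the prefix `wp_7vg8e_` the records are stored as `wp_7vg8e_user_roles` and `wp_7vg8e_capabilities`; the clean install living in a database named `cleanwp` with the default `wp_` prefix, and the locked-out account being user ID 1, are assumptions.

```sql
-- Added example. Assumptions: clean install in database `cleanwp` (prefix wp_),
-- affected account is user ID 1, and the site used only the default roles.

-- 1. In-database copies of both tables before any change
--    (in addition to an export from the Export tab).
CREATE TABLE wp_7vg8e_options_bak  AS SELECT * FROM wp_7vg8e_options;
CREATE TABLE wp_7vg8e_usermeta_bak AS SELECT * FROM wp_7vg8e_usermeta;

-- 2. Locate the roles record whatever prefix it carries.
SELECT option_id, option_name, LENGTH(option_value) AS bytes
FROM wp_7vg8e_options
WHERE option_name LIKE '%user_roles';

-- 3. List every account's role assignment. Accounts you did not create,
--    or roles you did not assign, point to changes made during the compromise.
SELECT u.ID, u.user_login, u.user_registered, m.meta_key, m.meta_value
FROM wp_7vg8e_users u
JOIN wp_7vg8e_usermeta m ON m.user_id = u.ID
WHERE m.meta_key LIKE '%capabilities'
ORDER BY u.ID;

-- 4. Check whether the live role definitions differ from the clean install.
--    Comparing hashes avoids collation mismatches between the two databases.
SELECT MD5(live.option_value) = MD5(clean.option_value) AS roles_match
FROM wp_7vg8e_options live
JOIN cleanwp.wp_options clean ON clean.option_name = 'wp_user_roles'
WHERE live.option_name = 'wp_7vg8e_user_roles';

-- 5. If roles_match is 0, copy the clean role definitions over the live ones.
UPDATE wp_7vg8e_options live
JOIN cleanwp.wp_options clean ON clean.option_name = 'wp_user_roles'
SET live.option_value = clean.option_value
WHERE live.option_name = 'wp_7vg8e_user_roles';

-- 6. Reset the account's role assignment to the value a clean single-site
--    install stores for an administrator.
UPDATE wp_7vg8e_usermeta
SET meta_value = 'a:1:{s:13:"administrator";b:1;}'
WHERE user_id = 1 AND meta_key = 'wp_7vg8e_capabilities';
```

If step 2 or step 3 returns no row for the expected key, the record is missing rather than altered and has to be inserted instead of updated.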

  • The topic ‘Locked out of Admin’ is closed to new replies.