Can’t access network admin

Hi, purpleadmin, & welcome. Could you please provide us w/the url of the site you’re having problems with? This is sometimes a sign of a site compromise. We might know more if we can look at the site(s) in question.

Hi Jackie, the site is https://juliannebenford.com – sorry, in my hurry to include as many details as I could remember I forgot to include the url!

It happens, purpleadmin. Thanks for providing it. The truth is it was helpful, because I actually could access it. Not that I could log in, of course, but it did provide me w/a login screen & a math problem to solve.

The other thing that occurred by providing a site url was that I was able to see that you were running a cache plugin on the site. Please, therefore, clear your browser cache, & you may also need to disable the site’s cache if that does not work. Let us know if you require instructions on how to do so.

Please let us know if this did (or did not) help, ok? Thanks.

Thanks. I’ve cleared my browser cache, and to be sure, tried using a different browser. I think I’ve disabled the site’s cache – ‘Caching’ is at the top when I’m logged in and I purged all and then turned it off in the settings. Please let me know if there’s another way. It doesn’t seem to have helped.

Just curious, purpleadmin–can you access it using a cell phone?

Yes, I can log into my site no problem, but Network Admin is still not showing on the menu at the top and /wp-admin/network still gives me the ‘Sorry, you are not allowed to access this page’.

Purpleadmin, can we please see your .htaccess file. Also, what security plugins are you running? You’re obviously running 1, else I wouldn’t get this math captcha. That is what I’m supposed to be seeing, right?

The captcha plugin is Captcha, which I see from googling was removed from the WP plugin store due to the security backdoor issue. I have deleted it from active_sitewide_plugins in my wp_sitemeta for now, but I don’t know if there is anything I need to do in order to repair any damage this caused.

Otherwise for security I had Jetpack installed, paid version, but after my previous experiment with active_sitewide_plugins it doesn’t seem to be working.

My .htaccess:

# Use PHP5.6 as default
AddHandler application/x-httpd-php56 .php

# BEGIN WordPress
<IfModule mod_rewrite.c>
	RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]

# add a trailing slash to /wp-admin
RewriteRule ^wp-admin$ wp-admin/ [R=301,L]

RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^ - [L]
RewriteRule ^(wp-(content|admin|includes).*) $1 [L]
RewriteRule ^(.*\.php)$ $1 [L]
RewriteRule . index.php [L]
</IfModule>
<IfModule mod_expires.c>
	ExpiresActive On
	ExpiresByType image/jpg "access plus 1 year"
	ExpiresByType image/jpeg "access plus 1 year"
	ExpiresByType image/gif "access plus 1 year"
	ExpiresByType image/png "access plus 1 year"
	ExpiresByType text/css "access plus 1 month"
	ExpiresByType application/pdf "access plus 1 month"
	ExpiresByType text/javascript "access plus 1 month"
	ExpiresByType image/x-icon "access plus 1 year"
	ExpiresDefault "access plus 1 weeks"
</IfModule>
AddHandler application/x-httpd-php70s .php
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# END WordPress

• This reply was modified 6 years, 9 months ago by purpleadmin.

Well, purpleadmin, now that you said that about the captcha plugin, it again raises the spectre of a site compromise. I don’t see any evidence in the code, but that is not always necessary. Indeed, because the criminals wish to remain in control for as long as possible, it often does not ever show up there.

Can you tell us whether you have a subdomain or subdirectory installation?

It might also be instructive to see your wp-config.php file, but, if you paste it here, purpleadmin, please, please, please, for goodness’ sake, make sure to redact your database credentials. This is a public forum, &, lest you think I’m being condescending, I have seen this happen on considerably more than 1 occasion. So yeah–whenever I ask for someone’s wp-config.php file, I always do so w/that warning attached.

I’m going to suggest some changes to your .htaccess file, but I nee to know what sort of multisite install we’re dealing with here before doing so.

It’s a subdomain installation. Not taken as condescending at all. Here’s the wp-config:

<?php
/**
 * The base configuration for WordPress
 *
 * The wp-config.php creation script uses this file during the
 * installation. You don't have to use the web site, you can
 * copy this file to "wp-config.php" and fill in the values.
 *
 * This file contains the following configurations:
 *
 * * MySQL settings
 * * Secret keys
 * * Database table prefix
 * * ABSPATH
 *
 * @link https://codex.www.ads-software.com/Editing_wp-config.php
 *
 * @package WordPress
 */

// ** MySQL settings - You can get this info from your web host ** //
/** The name of the database for WordPress */
define('DB_NAME', 'redacted');

/** MySQL database username */
define('DB_USER', 'redacted');

/** MySQL database password */
define('DB_PASSWORD', 'redacted');

/** MySQL hostname */
define('DB_HOST', 'localhost');

/** Database Charset to use in creating database tables. */
define('DB_CHARSET', 'utf8');

/** The Database Collate type. Don't change this if in doubt. */
define('DB_COLLATE', '');

/**#@+
 * Authentication Unique Keys and Salts - redacted

/**#@-*/

/**
 * WordPress Database Table prefix.
 *
 * You can have multiple installations in one database if you give each
 * a unique prefix. Only numbers, letters, and underscores please!
 */
$table_prefix = 'wp_fzci_';

/**
 * For developers: WordPress debugging mode.
 *
 * Change this to true to enable the display of notices during development.
 * It is strongly recommended that plugin and theme developers use WP_DEBUG
 * in their development environments.
 *
 * For information on other constants that can be used for debugging,
 * visit the Codex.
 *
 * @link https://codex.www.ads-software.com/Debugging_in_WordPress
 */
define('WP_DEBUG', false);
/* Multisite */
define( 'WP_ALLOW_MULTISITE', true );
define('MULTISITE', true);
define('SUBDOMAIN_INSTALL', true);
define('DOMAIN_CURRENT_SITE', 'juliannebenford.com');
define('PATH_CURRENT_SITE', '/');
define('SITE_ID_CURRENT_SITE', 1);
define('BLOG_ID_CURRENT_SITE', 1);
define('SUNRISE', 'on' );
define( 'AUTOSAVE_INTERVAL', 300 );
define( 'WP_POST_REVISIONS', 5 );
define( 'EMPTY_TRASH_DAYS', 7 );
define( 'WP_CRON_LOCK_TIMEOUT', 120 );
/* That's all, stop editing! Happy blogging. */

/** Absolute path to the WordPress directory. */
if ( !defined('ABSPATH') )
	define('ABSPATH', dirname(__FILE__) . '/');

/** Sets up WordPress vars and included files. */
require_once(ABSPATH . 'wp-settings.php');

Purpleadmin, what I suggest you do is to rename your .htaccess file to htaccess (w/o the preceding dot).

Then, please create a new .htaccess file w/the following lines:
# SubDomain Example
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ – [L]

# add a trailing slash to /wp-admin
RewriteRule ^wp-admin$ wp-admin/ [R=301,L]

RewriteCond?%{REQUEST_FILENAME} -f [OR]
RewriteCond?%{REQUEST_FILENAME} -d
RewriteRule ^ – [L]
RewriteRule ^(wp-(content|admin|includes).*) $1 [L]
RewriteRule ^(.*\.php)$ $1 [L]
RewriteRule . index.php [L]
</IfModule>

I do suggest you join Google Search Console:
https://www.google.com/webmastertools
Verify your ownership of the site, & see if they find anything suspicious.

If the site were mine, I’d be changing passwords on my database (remembering to make the changes in wp-config.php), as well as my dashboard & my hosting provider’s control panel.

I’d also change the salt keys in my wp-config.php to log out any unauthorized users. I’d check to see if there are any users you don’t recognize, especially admins. & I think I’d run a security plugin like Wordfence or All in One WP Security to see if files were modified.

Lastly, since I can access this & you can’t, perhaps check w/Bluehost & insure that your IP hasn’t in some way been locked. If you have a firewall running, chec the rules as well. Since you’re able to log into the site, I doubt this, but it might be worth checking nonetheless.

Lastly, since I can access this & you can’t, perhaps check w/Bluehost & insure that your IP hasn’t in some way been locked. If you have a firewall running, chec the rules as well. Since you’re able to log into the site, I doubt this, but it might be worth checking nonetheless.

Sorry, I don’t understand what you mean by ‘since I can access this & you can’t’? What can you access that I can’t?

Purpleadmin, when I type:
https://juliannebenford.com/wp-admin/network
I get a login screen. You say you’re not getting that, so I’m guessing I can access it & you’re not able to. Or perhaps you meant that once you log in you get a permissions error? Obviously I can’t log in, but I am getting a login screen when I type the url.

It’s a permissions error. I get the login screen, unless I am already logged in, in which case I get the ‘Sorry, you are not allowed to access this page.’ message. And if I log in through that login screen, I get the same message. It’s like I’ve been downgraded to admin on the multisite – I can’t access Network Admin, or use any of the superadmin role capabilities.

• This reply was modified 6 years, 9 months ago by purpleadmin.

I’ve fixed it!

It turns out that for some reason, in my wp_sitemeta, my site_admins was set to the email address I use to login, rather than the actual username. I have no idea why this happened, but after searching for instructions on how to add a new superadmin I wondered if that was the issue, and after changing that one line it all started working.

Many thanks for your help, I will take your advice about security plugins.