Can’t login with no error message, even after changing password w/ SQL
-
Hi there,
Nobody can login to a website I host. A colleague of mine could receive recovery mails for changing his password, although I can’t (I am user ID #1).
The login screen is odd after a failure: it has the “<div id=”login_error”></div>”, but it is empty.I am self hosting (Debian 8 on Gandi.net). The last WordPress update (according to my mails) dates back from Jun. 19th: WordPress 5.2.2.
I checked other WordPress installs I have on the same server, with the same SQL database, and I could log in.
I went on to change my password through SQL:
> UPDATE
wp_users
setuser_pass
=MD5(‘something’) WHEREID
=’1′;But I still get the same error.
It’s maybe unrelated, but I have been hacked: I found 4 malicious files on the install folder, and my wp-config.php has been modified with an include of a malicious .ico file.
I had a random-named php file from Feb. 14th 2018 looking like this: https://www.ads-software.com/support/topic/coinhive-crypto-jacking-malware-hack/
And the hack with .ico files looked like this: https://blog.laserphile.com/2018/11/removing-persistent-backdoor-on.html
I removed all found files (and cleaned wp-config.php). Still I am not certain the hack is not still undergoing.
Most recent files date from May 8th 2019, which is about when I installed WPBruiser, whose scripts get loaded everytime we land on /wp-login.php .So, I have two questions:
* How can I log in? I don’t really care that I’m hacked for now (I really have better things to do now), I just want my colleagues to be able to post their post.
* When I have time, what should I do to clean my install? Can I remove anything that’s not wp-content, backup the DB, and roll a new site with some confidence that it will suffice?Thank you for your time. Don’t hesitate to ask more data.
- The topic ‘Can’t login with no error message, even after changing password w/ SQL’ is closed to new replies.