I AM LOCKED OUT

Hi follow these instructions. That should totally delete the plugin.

We did try deactivating the plugin via FTP, but all we got is a blank page.
We are able to enter WP admin area via the ‘old’ wp-admin page (which is now the only accessible page), but when you enter the plugin tab, there is NO plugin installed, apparently and even the theme has gone.

Is this normal?

We only changed the name of the specific plugin folder, i.e. the all-in-one-wp-security plugin folder.

Unfortunately for reasons I am investigating, I am unable to enter the database, however. Hopefully that will restore things as before.

One question: which files does this plugin modify, apart from wp-config, wp-settings, and the root index page? We found modified index pages in the subfolder wp-content, plugins and themes. They had some php code in the very first line (which is counted as only one line in the bug log)

We also found some new files in the root: login.php, options.php and an enormous php-cgi.php…

Finally, when trying to download those files, my antivirus software recognized them as carrying a troyan…

Thank you for any insight you can give me on these issues.

Cristina

OK, We followed to the letter all your instructions and went even beyond (by necessity).

We:

– changed the name of the plugin folder

– uploaded the original htaccess file and the wp-config + wp-settings + index (home) files

– upoloaded from our backup a whole bunch of clean php files for all the plugins in which your software injected its code at the top of all their php pages.

– accessed the database and activated all the plugins that had previously vanished (With the exclusion of all-in-one-wp-security, of course).

– went back to the wordpress backend from wp-admin (which was then accessible) and started manually activating all the plugins.

and…. now I get yet again a totally white page. Not a line of html in it. PLUS I cannot acces wp-admin aylonger.

PLEASE, tell us what is happening and how we can fix our website.

We found modified index pages in the subfolder wp-content, plugins and themes. They had some php code in the very first line (which is counted as only one line in the bug log)

This plugin does not modify your existing index.php files – nor does it modify the wp-settings.php file. The main file which this plugin modifies is the root .htaccess file and possibly the wp-config.php file (depending on whether you activate the “Disable Ability To Edit PHP Files”)

You have some other issues on your server. Check your server error log file which might shed more light on the white screen problem.

OK, thank you for your reply.
This obviously changes things quite a lot.
Will see what’s going on.

Cristina

Hi, thank you for getting back to us. Looking forward to your reply.

Regards

The server was hacked, that is sure, and we had plenty of files injected with strange code at the top.
However, getting rid of All in One WP SF has proved impossible, in any of the ways I found mentioned in your FAQ and on these threads. We tried them all, ftp, mysql, htaccess. All of them.
We are obviously one of the worst cases out there.
Eventually we dumped the database and files and uploaded a fresh version of everthing.
I don’t think I will give it a second try, I am afraid, as we cannot afford it to go so wrong again.
Thank you anyways for replying to my questions.

Sorry to hear about your ordeal. Things like this happen from time to time.

I am sure your decision is the best for your website and business. If you are no longer using this plugin can you mark this support thread as resolved.

Thank you