I can’t log into my sites or recover password, was I hacked?
-
I have 3 sites on WP.org, one of which I can log onto no problem, because I haven’t logged out of it. I didn’t log out of the other two either, but I am logged out and can’t get back in. I’m using Firefox 52.0.2 on a Mac OS 10.12.3 with firewall on. I shouldn’t need to turn it off, since my other WP site works. I erased all my cookies, cleared my cache, and still it won’t let me log in. Every time I get the login page, Firefox now warns me that it’s not secure. Yet there seems to be no https version available. So I bravely enter my login info as saved in my hiding place and it tells me either the password is wrong or the user doesn’t exist. I haven’t changed these things. I even tried resetting my password, finally using an email wordpress liked, and still haven’t gotten an email to reset the password.
I had been getting a lot of those spambot “subscribers” but I have all my blogs set up to require my approval on all comments. I’ve since changed them so nobody can comment. About a week ago I had gone through and deleted all the spambot subscribers on all my sites, and finally found the box to uncheck to just not let anyone subscribe.
What should I do?
Site that works: https://pinkyracer.com/
Sites I can’t log onto: https://sustainablefashionla.com/ and https://rainflowersla.com/wp-login.php
-
Firefox now warns me that it’s not secure. Yet there seems to be no https version available.
That’s normal, Firefox now highlights HTTP login forms as not secure, rather than how it used to highlight HTTPS login forms as secure: https://blog.mozilla.org/blog/2017/01/24/gets-better-video-gaming-non-secure-web-warning/
still haven’t gotten an email to reset the password.
It sounds like your hosting provider has disabled PHP’s
mail()function, which is used by WordPress to send notifications and password resets.This is a common safeguard employed by hosting providers when they suspect that another customer on the same server is sending spam emails directly from the server.
Another alternative is that PHP’s
mail()function is still active, but spammer activity from the server has already caused any email sent from it to be blacklisted. This would result in the emails being sent, but never received by any email address with basic anti-spam capabilities.For now, use this method to reset your password. It will always work, as you’ll be resetting your password directly in the database. (you’ll find phpMyAdmin in your hosting account’s control panel)
Now, back to why the email isn’t working, you can check this by leaving a comment on your site and checking if you receive an email. Another alternative would be to use the Check Email plugin and sending yourself a test email to see if it works.
If you didn’t receive a test email, you could try using a plugin like Postman SMTP to configure your WordPress site to use your email’s outgoing mail server instead of PHP’s
mail()function.finally found the box to uncheck to just not let anyone subscribe.
Assuming you mean unchecking “Anyone can register” at Settings > General in your site’s Dashboard, that was the right call to make. Despite the user role’s name, WordPress doesn’t send any subscription content on its own. The role is a “blank slate” meant to be expanded by plugins (ideally, by the name, subscription plugins) and unless expanded, “Subscribers” can only edit their own profile, nothing more.
If you don’t need users to register for anything on your site, there’s no reason to keep registration open. ??
- The topic ‘I can’t log into my sites or recover password, was I hacked?’ is closed to new replies.