Passwords being reset, WordPress Address (URL) changing

  • Resolved maryaustin1989

    (@maryaustin1989)


    11 years, 1 month ago

    Hello all,

    I recently created a new website through WordPress for my employer (https://www.hjmt.com). The site is looking great and functioning pretty well for the most part. My only concern is that when I moved the site from the subdomain where it was being developed into the root folder, I’ve noticed a few things that are cause for concern.

    The primary issue is that the passwords for all users are being reset. Usually, we log in through https://www.name.com/wp-admin. I’m able to reset the passwords through the lost password link and then log in for a day or so, until the password is reset.

    I also noticed that under the general settings for our site, the WordPress Site URL is not the same as the site URL, which I think may be causing the log-in issues. I reset the urls to be the same, but if the password needs to be reset, so does the URL. I feel that these might be a related issue.

    Also, some user’s names have reset in the past to ‘admin’ without my doing so. I was able to go into the database and change them back to their original log in. I went ahead and removed any users named admin in hopes of eliminating that potential backdoor.

    Today I tried logging in through https://www.name.com/wp-login.php and was still able to use my password to get in. All seemed well.

    Over the weekend, another WordPress site within our company was compromised and now I’m very concerned about the security of this and other sites.

    I’d love to hear if anyone has encountered this issue and successfully solved it. I’d be glad to know if it’s just something dumb I did in the process of moving the site, or if we’re dealing with something malicious I need to address. I’d appreciate any response as I’ve seen this issue numerous times on the forums with little to no resolution. I’ll keep trying any tricks I come across, but I feel my Google searches can only go so far as I’m really not a web developer or web security expert, just a designer.

Viewing 12 replies - 1 through 12 (of 12 total)

  • What was the process you followed to move the site? Did you follow the instructions here?

    Thread Starter maryaustin1989

    (@maryaustin1989)

    Hi Christiaan,

    Thanks for the response. Yes, I followed the “On Your Existing Server” instructions. The only inconsistency I’ve noticed was during the process, I originally used just https://url.com rather than adding www to the URL. I know I had a bit of an issue getting the site to run, but I think I was able to manually change the URL in my database to get it working again.

    It seems like using the wp-login.php link is working so far still today with all users. When trying to log in with through /wp-admin with our general “admin” user, the page does not return an error but also does not allow me to log in. It just reset all fields to blank. Other users can log in with this address.

    Any other suggestions as to why this would happen?

    You’ve verified that the ‘siteurl’ and ‘home’ fields in your wp_options database table are, in fact, the same?

    Thread Starter maryaustin1989

    (@maryaustin1989)

    I don’t have a ‘home’ field in my wp_options database table.

    I don’t have a ‘home’ field in my wp_options database table.

    Yes, you will. All WordPress sites have this row in the wp_options table.

    Thread Starter maryaustin1989

    (@maryaustin1989)

    Here is the list of fields in the order they appear in my wp_options database. I’m accessing it through PHPMyAdmin via my host’s CPanel. The list is below, as well as a screenshot of the fields I have. https://imgur.com/yCGIT6W
    siteurl
    blogname
    blogdescription
    users_can_register
    admin_email
    start_of_week
    use-balanceTags
    use_smilies
    require_name_email
    comments_notify
    posts_per_rss
    rss_use_excerpt
    mailserver_url
    mailserver_login
    mailserver_pass
    mailserver_port
    default_category
    default_comment_status
    default_ping_status
    default_pingback_flag
    posts_per_page
    date_format
    time_format
    links_updated_date_format
    links_recently_updated_prepend
    links_recently_updated_append
    links_recently_updated_time
    comment_moderation
    moderation_notify
    permalink_structure

    Please let me know if I should be looking somewhere else for this.

    You need to look through your wp_options table.

    Thread Starter maryaustin1989

    (@maryaustin1989)

    Sorry, didn’t realize there were more than one page to look at. Yes, the ‘home’ and ‘siteurl’ fields are identical.

    Really? If that’s the case, then that’s probably the problem. You should have a field with ‘option_name’ value of ‘home’ that has the same value as the ‘siteurl’ field. If you do not have that field, I recommend modifying your wp-config.php file with the following entry: https://codex.www.ads-software.com/Editing_wp-config.php#Automatic_Database_Optimizing

    This should trigger WordPress to repair any missing fields.

    Thread Starter maryaustin1989

    (@maryaustin1989)

    Thanks Christiaan. I found the home field, it was on the next page. Didn’t realize there were more pages than the one I was looking it. Seems like the fields in questions are identical. Maybe the issue resolved itself. Just curious as to why it would have reset in the general settings in the first place and why logging in through wp-admin was giving me trouble.

    Are you still having trouble logging in, or is it working now? If everything is fixed, please mark the thread as resolved.

    Thread Starter maryaustin1989

    (@maryaustin1989)

    Thanks for the help. It seems the issue is resolved.

Viewing 12 replies - 1 through 12 (of 12 total)
  • The topic ‘Passwords being reset, WordPress Address (URL) changing’ is closed to new replies.