[Plugin: WP Security Scan] No admin access anymore

While I don’t rightly know which link you’re talking about, what errors are you getting when attempting to log in? Is it a blank page, access denied, etc?

Hi Justin,
I cannot tell you for sure anymore, because there is no access anymore, but I first let the plugin change the wp_ to something else and the clicked on a link where I was warned about the password issue with the username ‘admin’, clicking it took me to https://semperfiwebdesign.com/documentation/wp-security-scan/change-wordpress-admin-username/

no when I log in I get the error ‘You do not have sufficient permissions to access this page.’, so no bad pass or username. I checked in the database and the admin user is still there.

Could you list the domain? If you’d rather not, I’m ok with you emailing it ([email protected]) to me.

Also, is it all access or just Admin access that disappeared?

Hi Justin,
Sorry… you’re poking around in the wrong blog. Try hionline.nl

Yes, all user access is gone

A quick poke around shows that the “admin” username still exists. I’m guessing you are actually able to log into the system, but when it redirects you to the dashboard, it freaks out on user permissions.

Now, I also tested hionline.nl/wp-login.php and hionline.nl/wp-admin and both are working correctly – so I don’t think the plugin renamed the wp directories.

I also installed the plugin on one of my installs and don’t have any problems with it (note: I haven’t let it change anything). I would see what happens when you manually deactivate the plugin by renaming the wp-content/plugins/wp-security-scan folder. When you ssh in, just drop into that dir then type ” mv wp-security-scan wp-security-scan-old” and WP will automatically deactivate it.

No, it does not help. Can there be some issue in changing the prefix of the databases from wp_ to something else?

f.e. that some part of wp accepted the change (login) and another part did not (user roles) and is still looking for tables with the prefix wp_ ?

Because as you can see, all users are still there and can login, but there are no privileges at all, not even subscriber privs.

I’m a big believer in nuking possible plugin issues first, I’ve just seen too many issues caused due to them.

The table prefix “lives” inside the wp_config.php file. That is currently working as your blog can locate the tables and display content. BUT…I did a little further digging and it appears that the plugin may have missed a few table prefixes that cause this problem. Check it out here.

The second code line of the article linked turned no results, but the first did. So it missed out in the metadata row.

Thanks for your help. The login works again as it should.

had the same problem here (version 2.7.1), executing the update of prefix_usermeta to change meta_keys (some still were wp_) indeed solved the problem.

The security scan plugin breaks admin access to the new widgets panel in WordPress 2.8.

I just got the same problem with WP 2.8.3.
It turned out that solution was to rename wp_capabilities meta_key in table prefix_usermeta. I used phpmyadmin to rename row with umeta_id=3 and meta_key=’wp_capabilities’ to meta_key=’prefix_capabilities’

thanks! worked fine!

I used this plugin on six of my installations ages ago and then I noticed that my girlfriend’s install still had the standard prefix, used this plugin and…………. I had to follow your instructions about changing two prefixes in subtables… Thanks for the info!

Same thing with 2.8.4, but the solution at the beconfused.com site worked – with the one complication that since I didn’t have phpMyAdmin access for this particular blog, I had to write a short PHP script to execute the updates.

this plugin looks awesome, but i’m scared to even try it lol!