wp-admin “Sorry, you are not allowed to access this page.”

  • Hello everyone,
    I’ve had a recent issue affecting a website of mine. I had the Unloq plugin installed and I had to reset my phone (unloq app needed to be reactivated)
    The issue stemmed from how unloq taps into WP functionality for user management and basically after spending some time talking to the devs (who are really awesome btw!) It was understood that I had found a severe enough issue that they should be rolling out some update to this.
    To cut to the chase, I deleted the users under the unloq plugin settings thinking that would revoke unloq authorization. In fact, that was deleting the users. More seriously, it allowed the deletion of the super admin account while logged in!
    So after spending a whole couple of days trying to diagnose the issue and going through the db looking for weirdness (aside from an empty wp_users table and near empty wp_usermeta table), there’s still an issue viewing the admin side.
    I’ve recreated a couple of super admins in my testing, with the proper IDs and everything. Still to no avail. When logged in, I see “Sorry, you are not allowed to access this page.” on the wp-admin/ and on the front page… I got the user bar with the logged in user… links on the right are for wordpress & wp forums.
    I also tried repairing the db with wp-admin/maint/repair.php that didn’t seem to have done anything.
    I tried comparing wp_users and wp_usermeta from other wp instances that didn’t shed much light aside from noticing that it varies a whole lot, depending on plugins and possibly other factors I’m not knowledgeable of.

    Any ideas would be greatly appreciated… I hadn’t done a db backup of this site since it’s not there for actual work, more like a controller of other sites, I guess I should’ve

Viewing 6 replies - 1 through 6 (of 6 total)
  • Thread Starter orangeworx

    (@orangeworx)

    Does anyone know how to rebuild the user info in the db, which tables need which inserts kind of thing.
    I’ve been looking through different WP instances that I have access to in order to compare what fields are required so the super admin user has access but I believe I’m missing something else, maybe in another table.

    Hi @orangeworx,

    Let’s try this step by step:

    1. Go to the wp_users table (the prefix wp_ is not always the same, depening on your settings in wp-config.php).
    2. Click on the ‘insert’ button and fill in the following information
    id: Pick a number, in this case try 1212
    User_login: Insert the username you would like to use
    User_pass: Add a password you would like to use, make sure that MD5 is selected under function
    user_nicename: Put a nickname you would like to use.
    user_email: Your e-mail.
    user_url: Your website URL (optional)
    user_registered: select a time when this user was registered.
    user_status: set this to 0
    display_name: put the name you would like to display.
    3. Now click on ‘GO’.
    4. Now go to wp_usermeta (the prefix wp_ is not always the same, depening on your settings in wp-config.php)
    5. Click on the ‘insert’ button and fill in the following information
    Unmeta_id: Leave this blank.
    user_id: this should be the same as id in wp_users (in this case 1212)
    meta_key: wp_capabilities
    meta_value: a:1:{s:13:”administrator”;s:1:”1″;}
    6. Click on ‘GO’
    7. Insert another one in wp_usermeta and insert he following
    Unmeta_id: Leave this blank.
    user_id: this should be the same as id in wp_users (in this case 1212)
    meta_key: wp_user_level
    meta_value: 10

    Let me know if this helped.

    Thread Starter orangeworx

    (@orangeworx)

    Thanks for the response though it’s still returning the same error
    It was exactly how I had recreated my user. I tested your method just in case I’d slipped in something different when I had tried it myself.
    On the frontend, it shows the newly created user as signed in.
    On the backend, “Sorry, you are not allowed to access this page.”
    Since my issue occured when a plugin gave me unlimited access to the user table and let me delete them all, what I’m trying to figure out is how WP processes user deletion to know what tables are accessed and modified when such action is undertaken.
    No files or their permissions were changed, just user deletion… at the db level, wp_users was empty.
    But since we’re recreating super admins then there should be no reason for access restrictions unless there are other places than wp_users and wp_usermeta that were modified.

    • This reply was modified 6 years, 7 months ago by orangeworx.
    Moderator Jan Dembowski

    (@jdembowski)

    Forum Moderator and Brute Squad

    @orangeworx Don’t create duplicate topics for the same thing. Your two new topics have been removed.

    If you’ve something new to add, do so here.

    Thread Starter orangeworx

    (@orangeworx)

    The moderation on this forum is … no comment.
    But to get back on topic since all relevant questions were asked individually in other posts (now deleted thanks to no comment)

    So it’s been around a week now, only access I have is no access, just successful logins
    No details in the codex regarding this because, within WP, safeguards were put in place so that the super admin can’t be deleted.
    Does anyone have any insight on the matter?

    Hi. I found this post trying to find a fix to my problem which seems to be the same as yours. I don’t know if you have found a solution yet but I figured I’d share what worked for me. I think my problem had something to do with the fact that I used a reverse proxy to be able to access the server from a certain domain.
    I found my solution in this thread here.
    I updated the wp-config.php file to include, at the very top, the line right after “<?php”: 

    define('FORCE_SSL_ADMIN', true);
if ($_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https')
 $_SERVER['HTTPS']='on';
Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘wp-admin “Sorry, you are not allowed to access this page.”’ is closed to new replies.