WordPress.org

Probably hacked - must change capabilities in phpmyadmin (16 posts)

  1. folkmun
    Member
    Posted 4 years ago #

    Hi, My site could have been hacked. I just deleted two users that appeared just before my problem - which is: I, as an administrator, can't publish or delete pages any more. How do I check my user level and change it in phpmyadmin?

  2. folkmun
    Member
    Posted 4 years ago #

    Link to my wp_usermeta: http://hammaro.ifolkmun.se/wp-content/uploads/2009/09/db_090913.gif Which I assume shows I have full admin rights. Spooky.

  3. s_ha_dum
    Member
    Posted 4 years ago #

    In PHPMyAdmin's SQL field, this--

    SELECT *
    FROM wp_usermeta
    LEFT JOIN wp_users ON wp_users.ID = user_id
    WHERE meta_key = 'wp_capabilities'
    AND meta_value LIKE '%administrator%'

    -- should give you all users with admin privileges. Or this--

    SELECT *
    FROM wp_usermeta
    LEFT JOIN wp_users ON wp_users.ID = user_id
    WHERE meta_key = 'wp_capabilities'
    AND meta_value NOT LIKE '%subscriber%'

    -- should give you all users with better than subscriber privileges. In both cases I'm assuming that wp_prefix has not been changed. Between these two queries you should be able to sort out any users with the wrong role. It's possible that someone could still have particular capabilities that are too high though. You'll have to search for those too, to be safe.

    The bare bones WP admin privileges line looks like this:

    a:1:{s:13:"administrator";b:1;}

    You should be able to copy that into the meta_value field of the wp_usermeta table where user_id == your id and meta_key == 'wp_capabilities' and get your privileges back, though doing so will mess up any extra roles or capabilities added by a plugin, for example.

    That still leaves you with preventing a repeat of the hack. The best way to start is with a complete re-install, and update if need be, from clean copies of WP, the theme, plugins etc.
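The two LIKE queries in the post above match on role names only, so an account that keeps the subscriber role but has a powerful capability granted directly passes both of them. The following is an added example, not code from the thread or from WordPress: it parses the serialized `wp_capabilities` value and flags such rows, as well as values whose declared string length is wrong (easy to cause when pasting a value by hand). The function names, the `RISKY_CAPS` selection and the sample rows are assumptions of this example.

```python
import re

# Real WordPress core capability names; which ones to flag is this example's choice.
RISKY_CAPS = {"manage_options", "edit_users", "create_users", "delete_users",
              "promote_users", "install_plugins", "activate_plugins",
              "edit_plugins", "edit_themes", "edit_files", "unfiltered_html"}
KEY = re.compile(r's:(\d+):"')
FLAG = re.compile(r'";b:([01]);')

def parse_capabilities(value):
    """Parse a flat PHP-serialized array such as a:1:{s:13:"administrator";b:1;}."""
    head = re.match(r"a:(\d+):\{", value)
    if head is None:
        raise ValueError("not a PHP-serialized array")
    pos, caps = head.end(), {}
    for _ in range(int(head.group(1))):
        key = KEY.match(value, pos)
        if key is None:
            raise ValueError("expected string key at offset %d" % pos)
        start = key.end()
        end = start + int(key.group(1))  # declared length (ASCII names assumed)
        flag = FLAG.match(value, end)
        if flag is None:
            raise ValueError("bad length or non-boolean value near %r" % value[start:end])
        caps[value[start:end]] = flag.group(1) == "1"
        pos = flag.end()
    if value[pos:] != "}":
        raise ValueError("trailing data after array")
    return caps

def audit(rows):
    """rows: (user_id, meta_value) pairs where meta_key = 'wp_capabilities'."""
    findings = []
    for user_id, value in rows:
        try:
            granted = {k for k, on in parse_capabilities(value).items() if on}
        except ValueError as exc:
            findings.append((user_id, "unparseable", str(exc)))
            continue
        if "administrator" in granted:
            findings.append((user_id, "admin-role", "administrator"))
        direct = sorted(granted & RISKY_CAPS)
        if direct:
            findings.append((user_id, "direct-capability", ",".join(direct)))
    return findings

# Constructed sample rows; not taken from the poster's database.
SAMPLE = [(1, 'a:1:{s:13:"administrator";b:1;}'),
          (2, 'a:1:{s:10:"subscriber";b:1;}'),
          (3, 'a:2:{s:10:"subscriber";b:1;s:12:"edit_plugins";b:1;}'),
          (4, 'a:1:{s:5:"administrator";b:1;}')]
```

Row 3 is the case neither query reports; row 4 contains the word "administrator" and matches the first query, but its length field is wrong, so the value does not parse.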

  4. s_ha_dum
    Member
    Posted 4 years ago #

    User 108 also has full admin rights, and user 104 has curiously powerful capabilities.

  5. folkmun
    Member
    Posted 4 years ago #

    User 108 can not delete pages or create users - just tried.

  6. folkmun
    Member
    Posted 4 years ago #

    Thanks a lot for the help - I will try that!

  7. Shane G
    Member
    Posted 4 years ago #

    Hi,

    Please stay upgraded to the latest version of WordPress and do not install any vulnerable plugin into your blog. Set a strong password and use this plugin to maintain access of the user roles:

    http://wordpress.org/extend/plugins/user-access-manager/

    Thanks,

    Shane G.

  8. folkmun
    Member
    Posted 4 years ago #

    I would like to make a fresh reinstall for both wordpress and database, since I suspect my tables are corrupt. Can I start a fresh database and just import wp_comments, wp_posts to recover posts and comments from my old install?

  9. s_ha_dum
    Member
    Posted 4 years ago #

    Can I start a fresh database and just import wp_comments, wp_posts to recover posts and comments from my old install?

    The built in WP Export function will give you an export of your post, comments and then some. You can then import the file using the built in Import function. It is possible, though I don't know how likely, that you'll re-import bad data. Depends on how clever your hacker was.

  10. folkmun
    Member
    Posted 4 years ago #

    I started a fresh database - but now I have a backed up database with 4 000 articles. Is there an sql diagnose program to scan and repair the db with before importing?

  11. s_ha_dum
    Member
    Posted 4 years ago #

    Did you use the WP Export functions to get your posts out? If no, re-importing only part of a DB could be dicey because you have to preserve a bunch of cross-links between the tables.

    I don't know of any scanner that will scan a .sql file for problems but if you open the file in a text editor it is pretty easy to read. Look for bits that look like code because there really shouldn't be much of it. If you find some make sure you know what it does and make sure you put it there.

  12. Adam Harley
    Member
    Posted 4 years ago #

  13. folkmun
    Member
    Posted 4 years ago #

    Thanks! Unfortunately we exported in phpmyadmin. By crosslinks do you mean hyperlinks in articles and related posts functionality?

  14. Adam Harley
    Member
    Posted 4 years ago #

    Cross-links are the entries in one WordPress table that relate to another, the dicey part being if you don't restore a table that another one references.

  15. s_ha_dum
    Member
    Posted 4 years ago #

    By crosslinks do you mean hyperlinks in articles and related posts functionality?

    No on the first part. Hyperlinks should be OK. Other things might be affected. Comments are stored in a separate table from the posts and crosslinked to the posts table by means of the post ID. You'll have to be careful to keep those associations or your comments will be associated with the wrong posts. Meta data like author data could be affected since the post author is stored in the post table as a number that references a row in the users table. See what I mean? When you exported via PhpMyAdmin, if you exported using 'add auto-increment value' (which seems to be the default) then you should have all the information you need. You can probably just import the wp_posts, wp_postmeta, and wp_comments parts of your .sql file and get most of it back. You'll have to comment out the other parts or cut and paste the parts you want into another file in order to avoid importing everything. This won't get your user data back, and it will mean that your author data is messed up. It doesn't seem wise to reimport the wp_user or wp_usermeta parts though.
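The two manual steps suggested in this thread (reading the .sql file for "bits that look like code", and importing only the wp_posts, wp_postmeta and wp_comments parts) can be scripted. The following is an added example, not code from the thread: it splits a dump into statements without breaking on semicolons inside quoted post content, keeps only the three content tables, and reports code-like strings in the kept rows. The function names, the hint list and the sample dump are assumptions of this example.

```python
import re

KEEP = {"wp_posts", "wp_postmeta", "wp_comments"}  # tables named in the post above
# Strings that "look like code" in content rows (illustrative list, an assumption).
CODE_HINTS = re.compile(r"<script|<iframe|<\?php|eval\s*\(|base64_decode\s*\(", re.I)
TABLE = re.compile(r"\s*(?:INSERT\s+INTO|CREATE\s+TABLE(?:\s+IF\s+NOT\s+EXISTS)?)\s+`?(\w+)", re.I)

def split_statements(sql):
    """Split on ';' outside single-quoted strings, skipping '--' comment lines."""
    out, buf, in_str, i = [], [], False, 0
    while i < len(sql):
        ch = sql[i]
        if not in_str and sql.startswith("--", i) and sql[i - 1:i] in ("", "\n"):
            nl = sql.find("\n", i)
            i = len(sql) if nl < 0 else nl
            continue
        if in_str and (ch == "\\" or sql[i:i + 2] == "''"):
            buf.append(sql[i:i + 2])  # backslash escape or doubled quote: copy both
            i += 2
            continue
        if ch == "'":
            in_str = not in_str
        if ch == ";" and not in_str:
            out.append("".join(buf).strip())
            buf = []
        else:
            buf.append(ch)
        i += 1
    out.append("".join(buf).strip())
    return [s for s in out if s]

def filter_dump(sql):
    """Return (statements for KEEP tables, [(table, hint)] code-like findings)."""
    kept, findings = [], []
    for stmt in split_statements(sql):
        m = TABLE.match(stmt)
        if not m or m.group(1) not in KEEP:
            continue  # wp_users, wp_usermeta, wp_options etc. are left out
        kept.append(stmt + ";")
        findings += [(m.group(1), h.group(0).lower()) for h in CODE_HINTS.finditer(stmt)]
    return kept, findings

# Constructed sample dump; not data from the thread.
SAMPLE = """-- phpMyAdmin SQL Dump (constructed)
INSERT INTO `wp_posts` (`ID`, `post_author`, `post_content`) VALUES (7, 1, 'It''s fine; really');
INSERT INTO `wp_posts` (`ID`, `post_author`, `post_content`) VALUES (8, 1, 'Hi <script src="//example.invalid/x.js"></script>');
INSERT INTO `wp_comments` (`comment_ID`, `comment_post_ID`, `comment_content`) VALUES (3, 7, 'Nice post');
INSERT INTO `wp_usermeta` (`user_id`, `meta_key`, `meta_value`) VALUES (2, 'wp_capabilities', 'a:1:{s:13:"administrator";b:1;}');
"""
```

A finding is a prompt to read that row by hand before importing, as the earlier post advises; a clean result does not show the content is safe.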

  16. folkmun
    Member
    Posted 4 years ago #

    Great help! I will try to set up a local installation and test this before I do it on the live site if I can.

Topic Closed

This topic has been closed to new replies.