• I’m hoping this is an issue with my host and I have nothing to worry about. I’ll ask here anyway.

    I can’t use my WP admin login to get to my WordPress dashboard. I looked at the files and folders from my web host’s control panel. I see two folders modified on Dec 26 and I don’t recall doing any updates that day. There is a folder in my plugins folder called vwgjzeoaoq and all the other folders look normal. Does anyone recognize this as a plugin?

    Inside the folder are these files, which I thought should be at the root of WP.

    icons.png
    index.php
    php.ini (the contents don’t look like the proper code)
    rbdopumted.php
    style.min.css
    three-column-screen-layout.php
    up.php
    wxzlwzpwdz.php


Viewing 14 replies - 1 through 14 (of 14 total)
  • Thread Starter JohnW63

    (@johnw63)

    The other folder with the Dec 26 date is the “upgrade” folder, and it is empty.
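A check for the kind of folder described in the opening post, as an added example that is not part of the thread: WordPress only recognizes a plugin from a `Plugin Name:` header in a top-level PHP file, so a folder under `wp-content/plugins` without one is not something the Plugins screen would list. The function names, the sample tree and the list of "odd" file names are assumptions of this example.

```python
import re
import tempfile
from pathlib import Path

# WordPress only reads the first 8 KiB of a file when looking for plugin headers.
HEADER_RE = re.compile(rb"^[ \t/*#@]*Plugin Name:\s*(\S.*)$", re.M | re.I)
# Heuristic (assumption of this example): normal plugins do not ship these files.
ODD_FILES = {"php.ini", ".user.ini", ".htaccess"}

def plugin_name(folder):
    """Return the name declared by a top-level PHP file in folder, or None."""
    for path in sorted(Path(folder).glob("*.php")):
        if path.is_file():
            m = HEADER_RE.search(path.read_bytes()[:8192])
            if m:
                return m.group(1).decode("utf-8", "replace").strip()
    return None

def audit_plugins(plugins_dir):
    """Map each flagged folder name to its findings; clean folders are omitted."""
    report = {}
    for folder in sorted(p for p in Path(plugins_dir).iterdir() if p.is_dir()):
        findings = []
        if plugin_name(folder) is None:
            findings.append("no plugin header")
        odd = sorted(ODD_FILES & {f.name.lower() for f in folder.iterdir()})
        if odd:
            findings.append("config files: " + ", ".join(odd))
        if findings:
            report[folder.name] = findings
    return report

def build_sample(root):
    """Constructed tree: one ordinary plugin and a folder shaped like the thread's."""
    layout = {
        "example-plugin/example-plugin.php": "<?php\n/*\n * Plugin Name: Example Plugin\n */\n",
        "vwgjzeoaoq/index.php": "<?php // placeholder\n",
        "vwgjzeoaoq/up.php": "<?php // placeholder\n",
        "vwgjzeoaoq/php.ini": "; placeholder\n",
    }
    for rel, body in layout.items():
        path = Path(root, rel)
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(audit_plugins(tmp))
```

A flagged folder is a prompt to compare it against a known-good copy of the site, not proof of compromise on its own.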

    Moderator Steven Stern (sterndata)

    (@sterndata)

    Volunteer Forum Moderator

    It looks like you’ve been hacked. Get a fresh cup of coffee, take a deep breath and carefully follow this guide. When you’re done, you may want to implement some (if not all) of the recommended security measures.

    If you’re unable to clean your site(s) successfully, there are reputable organizations that can clean your sites for you. Sucuri and Wordfence are a couple.

    Thread Starter JohnW63

    (@johnw63)

    Thanks for the link Steve.

    I’ve given it a quick look-through to get a feel of the scope of steps. I normally make a good backup at the end of the year but didn’t this time. Of course. I have older backups and I may just revert to one of those, then go through all the upgrades to get current.

    I think knowing what folder to kill before restoring will take some time, but the ones dated Dec 26 will be on the list.

    John

    Thread Starter JohnW63

    (@johnw63)

    I tried changing the WP admin password by editing the wp_users database, but the change doesn’t seem to take effect. The login from the web page still fails. I would think manually changing it and saving would be all it takes.

    Any ideas?

    Thread Starter JohnW63

    (@johnw63)

    Since my WordPress section of my web site is small, I think it would be best to blow it up and rebuild from scratch. Can I just delete the WP folders and then install WP back on the server and build from there?

    Moderator Steven Stern (sterndata)

    (@sterndata)

    Volunteer Forum Moderator

    Read here about how to properly edit the database to change your password: https://wordpress.org/support/article/resetting-your-password/

    Thread Starter JohnW63

    (@johnw63)

    I’ll bookmark that for future reference. I was in the MySQL database, but I didn’t see the existing password set as MD5 type. It was blank.

    I’m working through the hardening steps on the new install, now. Two-factor authentication is in place and the fence firewall plugin is installed. Still plenty of things to check.

    Moderator Steven Stern (sterndata)

    (@sterndata)

    Volunteer Forum Moderator

    I’ve found that when I need to login to my sites via 2FA, my phone is inevitably in another room. 🙂

    Thread Starter JohnW63

    (@johnw63)

    From needing to use 2 Factor at work, I’ve gotten used to having the cell phone with me most of the time.

    To be honest, this may all be a good thing. Other than the first 24 hour freak out part. I hadn’t changed my main web page in years. I had gotten lax in lots of things. I just use WordPress for this page, and a few other static info pages. The rest is forum software.

    I just need to find a theme that fits the layout I want to have and start editing.

    Thread Starter JohnW63

    (@johnw63)

    OK, more support needed.

    I got an email alert from Wordfence that a user I didn’t recognize had not been allowed to login to my WP. I surfed to my WP login and used the user I created after removing the previous WP install in total, and installed a clean copy. My admin account no longer could login. Great. I used my host’s provided phpMyAdmin to check the users in my WP database. Two users I didn’t create and my admin account wasn’t there either. I deleted both of those and created a new administrator user based on the steps I found in a web article. The user works to login, but I can’t get to the WP dashboard. I looked at the meta-data section of the database and I see the last few entries are for my new user and most are for user ID 1 and ID 2, which I probably deleted.

    1) Can I delete those records in the meta database?
    2) How do I get access to the dashboard again? Some more info in the database I need to add?

    3) How the heck did I get hacked again with a fresh install and new account created? Wordfence didn’t tell me anything but my own logins when I was building the page, but clearly, something is left open.

    Thread Starter JohnW63

    (@johnw63)

    I got the new admin to get to the dashboard. My prefix for the database was not just wp_. Once I edited that to match the database names correctly, it worked.

    I guess I still need to know how someone got in when nothing was the same. My admin account was new and the password a random generated 16 char string of stuff. I also had 2 factor auth enabled.

    Thread Starter JohnW63

    (@johnw63)

    I would still like to know if I can remove the meta database entries associated with the user accounts I removed. User ID 1 and 2. My new user has a much higher user ID on purpose. They just have more meta lines than the one I created manually.

    Moderator Steven Stern (sterndata)

    (@sterndata)

    Volunteer Forum Moderator

    Yes, but make a backup first, because it’s really “yes, probably”. 🙂

    Thread Starter JohnW63

    (@johnw63)

    I’ll make a quick backup.

    What does the meta database do? It almost looks like it keeps track of changes or settings that the user makes. The other users have so many more lines in the database than my new admin does.

    As long as I have full admin rights to maintain my new WP install, I’ll be fine.
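The database checks discussed in the posts above (which accounts hold the administrator role, why a manually created admin with `wp_`-prefixed meta keys gets no dashboard under a different table prefix, and which usermeta rows belong to deleted users), as an added example that is not part of the thread. It uses an in-memory SQLite stand-in for the MySQL `users` and `usermeta` tables; the prefix `site7_`, the logins and the rows are constructed, and the function names are hypothetical.

```python
import sqlite3

PREFIX = "site7_"  # constructed prefix; the real one is $table_prefix in wp-config.php

def build_sample_db(prefix=PREFIX):
    """In-memory stand-in for the two WordPress tables involved (constructed rows)."""
    db = sqlite3.connect(":memory:")
    db.execute(f"CREATE TABLE {prefix}users (ID INTEGER PRIMARY KEY, user_login TEXT)")
    db.execute(f"CREATE TABLE {prefix}usermeta (umeta_id INTEGER PRIMARY KEY,"
               " user_id INTEGER, meta_key TEXT, meta_value TEXT)")
    admin = 'a:1:{s:13:"administrator";b:1;}'  # PHP-serialized role array
    db.executemany(f"INSERT INTO {prefix}users VALUES (?, ?)",
                   [(5012, "newadmin"), (5013, "unknown_user")])
    db.executemany(
        f"INSERT INTO {prefix}usermeta (user_id, meta_key, meta_value) VALUES (?, ?, ?)",
        [(1, prefix + "capabilities", admin),      # left over from deleted user ID 1
         (2, "nickname", "old"),                   # left over from deleted user ID 2
         (5012, "wp_capabilities", admin),         # key copied from a guide: wrong prefix
         (5012, "wp_user_level", "10"),
         (5013, prefix + "capabilities", admin)])  # account nobody remembers creating
    return db

def administrators(db, prefix=PREFIX):
    """Logins WordPress actually treats as administrators under this prefix."""
    rows = db.execute(
        f"SELECT u.user_login FROM {prefix}users u JOIN {prefix}usermeta m"
        " ON m.user_id = u.ID WHERE m.meta_key = ? AND m.meta_value LIKE ?"
        " ORDER BY u.ID", (prefix + "capabilities", '%"administrator"%'))
    return [r[0] for r in rows]

def wrong_prefix_keys(db, prefix=PREFIX):
    """Role rows whose meta_key has another prefix, so WordPress does not read them."""
    rows = db.execute(
        f"SELECT user_id, meta_key FROM {prefix}usermeta WHERE"
        " (meta_key LIKE '%capabilities' OR meta_key LIKE '%user_level')"
        " AND meta_key NOT IN (?, ?) ORDER BY umeta_id",
        (prefix + "capabilities", prefix + "user_level"))
    return rows.fetchall()

def orphaned_meta_user_ids(db, prefix=PREFIX):
    """user_id values in usermeta that have no matching row in users."""
    rows = db.execute(
        f"SELECT DISTINCT m.user_id FROM {prefix}usermeta m LEFT JOIN {prefix}users u"
        " ON u.ID = m.user_id WHERE u.ID IS NULL ORDER BY m.user_id")
    return [r[0] for r in rows]

if __name__ == "__main__":
    db = build_sample_db()
    print(administrators(db), wrong_prefix_keys(db), orphaned_meta_user_ids(db))
```

On the constructed data the only effective administrator is the unrecognized account, while the manually created one is ignored until its keys carry the site's real prefix.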


The topic ‘Suspicious folder in my WP directory’ is closed to new replies.