Can’t access WP Admin after Hack

  • Resolved gfernandes87

    (@gfernandes87)


    Hello everyone

    If anyone could help I would be very grateful.
    So I was one of the lucky guys to have been hacked.
    They changed the dbprefix and admin access, and there is something else, because I can't access the wp-admin dashboard. I can log in but have no access to the dashboard.

    Did some digging and here is what I’ve done so far.

    1 Old Install
    Looking for any change in the .php files and correct it.
    Any changes in the DB and suspicious entry.
    Deleted old user and added new one via phpAdmin. All settings are correct.

    2 Disable Plugins and Themes

    3 Copy the Admin and includes folder from a new install

    4 Config .htaccess, I've done it all.

    Did the reverse and here’s where it gets tricky.

    5 New Install
    – I was trying to move file by file (from old to new) to check where is the problem.
    Dashboard works every time I moved the old files to the new install.. until…
    I open the config and just add the connection to the DB. (I did not copy the old file.. just filled the right db path and user)

    As soon as I did that WP forced me to do a new install (?) but it was already installed.

    So… perhaps some script is hidden in the DB??
    Please help.. I’m completely desperate.. lost the last week banging my head against the wall.
    Thank you so much

    PS: Guides I’ve followed

    FAQ My site was hacked


    https://kinsta.com/knowledgebase/sorry-you-are-not-allowed-to-access-this-page-error-in-wordpress/
    https://betterstudio.com/blog/cant-login-to-wordpress-admin/

  • Moderator t-p

    (@t-p)

    So… perhaps some script is hidden in the DB??

    Try reviewing:

    http://ottopress.com/2009/hacked-wordpress-backdoors/
    https://www.wpbeginner.com/wp-tutorials/how-to-find-a-backdoor-in-a-hacked-wordpress-site-and-fix-it/
    https://www.wpbeginner.com/plugins/how-to-scan-your-wordpress-site-for-potentially-malicious-code/
    – Install the Wordfence plugin and do a full scan of your site.

    If you’re unable to clean your site(s) successfully, there are reputable organizations that can clean your sites for you. Offhand, a couple of names that come to mind are Sucuri and Wordfence.

    Thread Starter gfernandes87

    (@gfernandes87)

    Can't use the plugins. After the login the black bar on the top only shows About
    Insights, Weglot and the user logged.

    If I click on any or type wp-admin directly I get the message “Sorry, you are not allowed to access this page.”
    Which is not true, because I followed all the steps correctly and the user should have the permissions granted.

    There should be something else.
    I will take a look into those links.

    Thank you

    Thread Starter gfernandes87

    (@gfernandes87)

    Hello guys, nothing worked.
    So I’ve done a workaround.

    Installed a fresh instance of WordPress in the server.
    Installed Wordfence to make the scan.
    Started to move folder by folder from the old WP to the new one.
    NEVER (And this is important) updated the config.php file because it seems there was something wrong with the DB.

    The goal here was only to be able to scan the folders.
    Wordfence found more files corrupted.
    Deleted any strange entry in the old DB too (Comments, forms etc) and finally updated the connection in the config.
    Also got a lot of infected files in the root path of my domain.

    Got back up, cloned the new wp, new users, new db.

    Hope this helps if someone gets lost.

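An added example, not part of the thread: WordPress builds its table names and its role keys (`<prefix>capabilities` and `<prefix>user_level` in usermeta, `<prefix>user_roles` in options) from `$table_prefix` in wp-config.php, so a changed prefix can produce both symptoms reported above, the install prompt and the "not allowed to access this page" message after login. The function names and all sample data are constructed for illustration; the table and key listings stand in for what a database tool would show.

```python
import re

# Suffixes are fixed in WordPress core; the prefix comes from $table_prefix.
USERMETA_SUFFIXES = ("capabilities", "user_level")
OPTION_SUFFIX = "user_roles"

def read_table_prefix(wp_config_text):
    """Return the value assigned to $table_prefix in wp-config.php text, or None."""
    m = re.search(r"""^\s*\$table_prefix\s*=\s*(['"])(.*?)\1\s*;""", wp_config_text, re.M)
    return m.group(2) if m else None

def check_prefix(prefix, tables, usermeta_keys, option_names):
    """List mismatches between the configured prefix and the database contents."""
    findings = []
    # With no tables under the configured prefix WordPress treats the site as
    # not installed and offers a fresh install.
    if not any(t.startswith(prefix) for t in tables):
        seen = sorted(t[:-len("options")] for t in tables if t.endswith("options"))
        findings.append(f"no tables under {prefix}; options tables use prefixes {seen}")
    # Role data stored under another prefix is not read, so the account can
    # log in but holds no capabilities.
    for suffix in USERMETA_SUFFIXES:
        if prefix + suffix not in usermeta_keys:
            stray = sorted({k for k in usermeta_keys if k.endswith(suffix)})
            findings.append(f"usermeta has no {prefix}{suffix}; found {stray}")
    if prefix + OPTION_SUFFIX not in option_names:
        stray = sorted(n for n in option_names if n.endswith(OPTION_SUFFIX))
        findings.append(f"options has no {prefix}{OPTION_SUFFIX}; found {stray}")
    return findings

# Constructed sample: tables were renamed to x9_ while the keys kept wp_.
SAMPLE_CONFIG = """<?php
define( 'DB_NAME', 'example_db' );
$table_prefix = 'wp_';
"""
SAMPLE_TABLES = ["x9_options", "x9_users", "x9_usermeta", "x9_posts"]
SAMPLE_USERMETA_KEYS = ["nickname", "wp_capabilities", "wp_user_level"]
SAMPLE_OPTION_NAMES = ["siteurl", "wp_user_roles"]

if __name__ == "__main__":
    configured = read_table_prefix(SAMPLE_CONFIG)
    # First the prefix as configured, then the prefix the tables actually use.
    for prefix in (configured, "x9_"):
        print(prefix, check_prefix(prefix, SAMPLE_TABLES,
                                   SAMPLE_USERMETA_KEYS, SAMPLE_OPTION_NAMES))
```

An empty result only means the prefix is consistent; it says nothing about injected content elsewhere in the database or in files.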