Probably hacked – must change capabilities in phpmyadmin
Link to my wp_usermeta: http://hammaro.ifolkmun.se/wp-content/uploads/2009/09/db_090913.gif Which I assume shows I have full admin rights. Spooky.
In PHPMyAdmin’s SQL field, this–
SELECT * FROM wp_usermeta LEFT JOIN wp_users ON wp_users.ID = user_id WHERE meta_key = 'wp_capabilities' AND meta_value LIKE '%administrator%'
— should give you all users with admin privileges. Or this–
SELECT * FROM wp_usermeta LEFT JOIN wp_users ON wp_users.ID = user_id WHERE meta_key = 'wp_capabilities' AND meta_value NOT LIKE '%subscriber%'
— should give you all users with better than subscriber privileges. In both cases I’m assuming that wp_prefix has not been changed. Between these two queries you should be able to sort out any users with the wrong role. Its possible that someone could still have particular capabilities that are too high though. You’ll have to search for those too, to be safe.
The bare bones WP admin privileges line looks like this:
You should be able to copy that into the meta_value field of the wp_usermeta table where user_id == your id and meta_key == ‘wp_capabilities’ and get your privileges back, though doing so will mess up any extra roles or capabilities added by a plugin, for example.
That still leaves you with preventing a repeat of the hack. The best way to start is with a complete re-install, and update if need be, from clean copies of WP, the theme, plugins etc.
User 108 also has full admin rights, and user 104 has curiously powerful capabilities.
Please stay upgraded to the latest version of wordpress and do not install any vulnerable plugin into your blog. Set strong password and use this plugin to maintain access of the user roles:
i would like to make a fresh reinstall for both wordpress and database, since I subject my tables are corrupt. Can I start a fresh database and just import wp_comments, wp_posts to recover posts and comments from my old install?
Can I start a fresh database and just import wp_comments, wp_posts to recover posts and comments from my old install?
The built in WP Export function will give you an export of your post, comments and then some. You can then import the file using the built in Import function. It is possible, though I don’t know how likely, that you’ll re-import bad data. Depends on how clever your hacker was.
I started a fresh database – but now I have a backed up database with 4 000 articles. Is there an sql diagnose program to scan and repare the db with before importing?
Did you use the WP Export functions to get your posts out? If no, re-importing only part of a DB could be dicey because you have to preserve a bunch of cross-links between the tables.
I don’t know of any scanner that will scan a .sql file for problems but if you open the file in a text editor it is pretty easy to read. Look for bits that look like code because there really shouldn’t be much of it. If you find some make sure you know what it does and make sure you put it there.
Thanks! Unfortunately we exported in phpmyadmin. By crosslinks do you mean hyperlinks in articles and releated posts functionality?
Cross-links are the entries in one WordPress table that relate to another, the dicey part being if you don’t restore a table that another one references.
By crosslinks do you mean hyperlinks in articles and releated posts functionality?
No on the first part. Hyperlinks should be OK. Other things might be effected. Comments are stored in a separate table from the posts and crosslinked to the posts table by means of the post ID. You’ll have to be careful to keep those associations or your comments will be associated with the wrong posts. Meta data like author data could be effected since the post author is stored in the post table as a number that references a row in the users table. See what I mean? When you exported via PhpMyAdmin, if you exported using ‘add auto-increment value’ (which seems to be the default) then you should have all the information you need. You can probably just import the wp_posts, wp_postmeta, and wp_comments parts of your .sql file and get most of it back. You’ll have to comment out the other parts or cut and paste the parts you want into another file in order to avoid importing everything. This won’t get your user data back, and it will mean that your author data is messed up. It doesn’t seem wise to reimport the wp_user or wp_usermeta parts though.
- The topic ‘Probably hacked – must change capabilities in phpmyadmin’ is closed to new replies.