Support » Fixing WordPress » WP login page changed…and I’m locked out.

Viewing 5 replies - 1 through 5 (of 5 total)
  • Moderator t-p

    (@t-p)

    I’m not sure if my website was hacked,

    Install the plugin Wordfence plugin and scan your site.

    If wordfence comes clean, then try:
    manually resetting your plugins (no Dashboard access required). If that resolves the issue, reactivate each one individually until you find the cause.
    – If that does not resolve the issue, access your server via SFTP or FTP, or a file manager in your hosting account’s control panel, navigate to /wp-content/themes/ and rename the directory of your currently active theme. This will force the default theme to activate and hopefully rule-out a theme-specific issue (theme functions can interfere like plugins).

    Outdated WP:

    Looks like you are running an outdated version of WP — WordPress 4.3.22 !!!!!!!!

    All older versions are susceptible for security issues.

    Consider updating WP to its latest version 5.3.2

    Thanks for the reply. I de-activated the plugins, no luck there, so I reactivated them again. I changed the theme folder name also but it made no difference, not to the issue at hand anyway, I changed that back also.

    An observation on the password I changed in phpMyAdmin, I saved it after the password change, but when you go back it didn’t actually save anything. I also copied the existing password from the field in phpMyAdmin and pasted it into the WP login, but that didn’t work either.

    I have Wordfence, I received a report from them today: Top 10 IPs Blocked/Top 10 Countries Blocked/Top 10 Failed Logins and 3 Recently Blocked Attacks(Blocked for Malicious File Upload (PHP) andBlocked for a Malicious File Upload in file: files=199877.php). I don’t know what it means but it sound quite ominous.

    Is it possible to update WP without access to the Admin page? Thank you.

    Moderator t-p

    (@t-p)

    I have Wordfence, I received a report from them today: Top 10 IPs Blocked/Top 10 Countries Blocked/Top 10 Failed Logins and 3 Recently Blocked Attacks(Blocked for Malicious File Upload (PHP) andBlocked for a Malicious File Upload in file: files=199877.php). I don’t know what it means but it sound quite ominous.

    I recommend asking at https://wordpress.org/support/plugin/wordfence/ so the plugin’s developers and support community can help you with this.

    Samna

    (@zahid334)

    Hi, here are steps you can follow to check or change the login URL.
    1. Login to cPanel and go to file manager.
    2. Then go to file manager > public_html and edit the ‘wp-login.php’ file.
    3. Search for ‘network_site_url’.
    4. You can change or view the login url from there.
    I hope this answer will help you.

    • This reply was modified 5 days ago by Samna.

    thanks for all the replies, I may have to take this to the Wordfence community if I don’t find the problem soon.
    I had a look around in the ‘wp-login.php’ file and found this:

    “wp_redirect( apply_filters( ‘wp_signup_location’, network_site_url( ‘wp-signup.php’ ) ) );
    exit;”

    Is this a problem? Should I change ‘wp-signup.php’ to ‘wp-login.php’? I don’t have user registration on my page. Thanks.

Viewing 5 replies - 1 through 5 (of 5 total)
  • You must be logged in to reply to this topic.