Forum Replies Created

Viewing 15 replies - 271 through 285 (of 426 total)
  • Tim Nash

    (@tnash)

    Spam hunter

    Mark – define hard codes the site and home url to allow access in these scenarios, the DB options are overridden. This allows you to login and change the options. You then remove the define to return to using the DB options.

    Using update_options would not work as wp-config is loaded before the options API, though at the moment the goal is to get back up and running quickly, so this route is simpler than explaining PHPMyAdmin

    GSalgaller – the wp-config.php file will be in the root of your site (so using your FTP client or your host's admin panel to access them) normally, it may also be one level higher. So if you have a public_html/wp folder it could be in either wp or public_html.

    Once you locate it the original 2 lines I suggested are the correct way forward.

    Tim Nash

    (@tnash)

    Spam hunter

    Hi Bev, if you have any additional questions specific to your circumstances then you should start a new topic. See the forum welcome for more details on how and when to start a topic.

    Unfortunately as in both of your cases it would appear both files and users are compromised I can only offer general advice:

    The initial attack vector is most likely another theme or plugin and most likely using timthumb. Unfortunately at this point it may be quicker and safer to export the data or use a backup and rebuild the site.

    If you don’t choose this route, you need to find the original attack vector and plug it, and any other nasties they have added. If this is a commercial site then probably getting someone to assist you.

    Tim Nash

    (@tnash)

    Spam hunter

    Ok so when you say you have disabled the plugins, you renamed the plugin folder in wp-content?

    Couple of things to try: in your ftp/sftp client, rename your .htaccess if you have one (you may need to set your client to show hidden files). Has the site returned?

    If so it may well still behave broken, but should let you get to the admin area, if you can then go to settings, permalinks and resave.

    Have you contacted your host, did they suggest anything?

    Tim Nash

    (@tnash)

    Spam hunter

    403 Forbidden, is usually server related, assuming you don’t have any security plugins enabled, I would recontact your host and check with them they haven’t done any changes to your site.

    Also if you have access to your server logs it’s worth checking your error log to see if there are any errors (prior to the 403).

    Tim Nash

    (@tnash)

    Spam hunter

    Where are you getting this error, on the front or the back of the site?
    What version of WordPress is it running?

    You mention you have disabled all products, do you mean plugins? Or are you running some sort of e-commerce solution?

    Do you have access to server logs, either from your host's control panel, or sometimes in a folder called logs? If so can you access the error log which hopefully will have some additional information to diagnose the issue. If you don’t have access your host should be able to provide them.

    Tim Nash

    (@tnash)

    Spam hunter

    So migrating from one URL to another is a little more complex than simply changing the URLs in the admin section.

    Let’s first get you back up and running, open your wp-config.php file and add the following:

    define('WP_HOME','http://gsalgaller.htvinteractive.com');
    define('WP_SITEURL','http://gsalgaller.htvinteractive.com');

    This should allow you to now login at gsalgaller.htvinteractive.com/wp-login.php

    You can now go to settings page, and reinput – gsalgaller.htvinteractive.com in both boxes. Once you have done that you can go back into wp-config.php and remove the two lines we just added.

    Once you are back up, you will want to talk to your host about switching the redirect from grantandrave.com to gsalgaller.htvinteractive.com around. They will either do it for you or give you step by steps on how to do it.

    If they change it for you and don’t update WordPress you will need to do the same process we just did, but switching in grantandrave.com

    Tim Nash

    (@tnash)

    Spam hunter

    Just to check, have you tried logging in via Incognito mode in Firefox/Chrome?

    Have you tried resetting your password?

    If this works then it might be a cookie issue with your browser, failing that it’s worth disabling your plugins, as you can’t get to the admin area the best way to do this is using your FTP/SFTP client rename the plugin folders inside wp-content/plugins this will deactivate each one you rename.

    Try logging in again.

    Tim Nash

    (@tnash)

    Spam hunter

    So to confirm:

    You don’t have FTP or access to the server
    You don’t have WordPress credentials or even a username for any user
    You don’t have access to MySQL

    You are pretty much out of luck, if your client hasn’t got any of these, then without resorting to using a vulnerability in the software you won’t be able to gain access.

    I’m afraid the client is going to need to gain at least some sort of credentials either from the developer or the host. As currently they do not “control” the site in any way.

    Forum: Fixing WordPress
    In reply to: Log-in
    Tim Nash

    (@tnash)

    Spam hunter

    Did you or another member of your team make any changes, perhaps you recently installed a plugin for example?

    If you did you may wish to temporarily deactivate it, given you can’t get to the admin area, the quickest way to do this is to rename the plugin in the plugins folder, via your FTP/SFTP client, or through your host's admin interface if they gave you one.

    Tim Nash

    (@tnash)

    Spam hunter

    I wouldn’t use robots.txt for this sort of thing, it’s really the job for rel canonical.

    Tim Nash

    (@tnash)

    Spam hunter

    You might wish to look at setting up rel canonical
    https://support.google.com/webmasters/answer/139066?hl=en

    Which lets you specify which URL you want Google to index, you can use a plugin like Yoast SEO to do this.

    Tim Nash

    (@tnash)

    Spam hunter

    A lot of sites reported seeing this username with a UID of 8888 in the user table about a year ago, it would appear that it was a common part of a payload being used to exploit timthumb vulnerability.

    Check that the user is not in your database via phpmyadmin
    Check your theme or another plugin is not using timthumb

    If this is a commercial site, be aware it is almost certainly compromised and should be treated as such.

    You are best off looking to get a professional to help recover the site, if the user logged in and could access the file editor (theme/plugin editor) or media uploader then they may well have planted other nasties in your system. Sucuri and similar might not necessarily detect a file outside of WordPress or sitting in uploads folder.
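
The file checks described in the reply above (is timthumb in use anywhere, is anything executable sitting in uploads) can be run from a shell on the server. This is an added example, not part of the original post; it assumes the default WordPress layout under `wp-content`, and the sample site tree it builds is constructed for the demo.

```bash
#!/usr/bin/env bash
# Added example (not from the original post). Paths assume the default
# WordPress layout: <root>/wp-content/{themes,plugins,uploads}.

# List PHP files under wp-content that contain or reference "timthumb".
# Searching file content also catches copies renamed to thumb.php etc.
find_timthumb() {
    grep -rIil --include='*.php' -e 'timthumb' "$1/wp-content" 2>/dev/null | sort
}

# List PHP-like files under uploads, a directory meant to hold media only.
find_uploads_php() {
    find "$1/wp-content/uploads" -type f \
        \( -iname '*.php' -o -iname '*.phtml' -o -iname '*.php5' \) 2>/dev/null | sort
}

# Build a small constructed site tree for the demo and print its path.
make_sample_tree() {
    local root
    root=$(mktemp -d) || return 1
    mkdir -p "$root/wp-content/themes/sample" \
             "$root/wp-content/plugins/clean" \
             "$root/wp-content/uploads/2015/01"
    # A renamed resizer script that still identifies itself in a comment.
    echo '<?php // TimThumb image resizer (constructed stub)' \
        > "$root/wp-content/themes/sample/thumb.php"
    # A template that calls the resizer.
    echo '<img src="thumb.php?src=a.jpg"> <?php // uses timthumb ?>' \
        > "$root/wp-content/themes/sample/header.php"
    # A plugin with no resizer: must not be reported.
    echo '<?php // constructed plugin, no image resizer' \
        > "$root/wp-content/plugins/clean/clean.php"
    # One ordinary media file and one PHP file in uploads.
    : > "$root/wp-content/uploads/2015/01/photo.jpg"
    echo '<?php // constructed placeholder' \
        > "$root/wp-content/uploads/2015/01/cache.php"
    echo "$root"
}

# Demo run against the constructed tree; point the functions at a real
# site root (the directory holding wp-config.php) to review a live install.
root=$(make_sample_tree)
echo "Files containing or referencing timthumb:"; find_timthumb "$root"
echo "PHP files under uploads:";                  find_uploads_php "$root"
rm -rf "$root"
```

Every path printed is a candidate for manual review, not proof of compromise: some plugins legitimately drop an empty `index.php` into uploads.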

    Tim Nash

    (@tnash)

    Spam hunter

    If you go in an incognito window (Firefox, Chrome)
    then go to mysite.com/wp-login.php
    And login does it also cause this loop?

    Tim Nash

    (@tnash)

    Spam hunter

    This sounds like an issue with your theme, so I would first contact them, if you downloaded the theme from wordpress.org you can go to the theme page and click the support option. Alternatively if downloaded elsewhere then contact them directly.

    Tim Nash

    (@tnash)

    Spam hunter

    These are the English forums. Here is the Russian version:
    http://ru.forums.wordpress.org/
