So, I have an admin user on Wordpress, I can login, I can post, update, install plugins, etc.
But when I try to find my user name, or email on the database wordpress is using (in wp-config file), I'm not able to locate it. and mine is not the only user I'm not able to find in the database.
Now,I got to this discovery, because our wordpress site was hacked not long ago, I'm going through the files, and I see some random code on the top of index.php or other files.
I clean and get rid of this code, and files too ! ( aindex.php, ajax-index.php. etc.)
At some point in the middle of the night, some files is creating this files, and inserting this random code again. SO I need to do this everyday in the morning, otherwise the wordpress admin doesn't work. Any insight on this too, will be very appreciate it.
Anyway, it is possible that whoever hacked the site, is making wordpress to store new users on an external database ?
Thanks, any help will be appreciate it.
Note I'm using: Wordfence, WP security, Cerber Security, Defender, iThemes Security to help scan the files.
In relation to your first point, users are not stored in wp-config.php. They are stored in the database - you can access the database via your domain.com/phpmyadmin (depending on the database manager you're using).
Within the database tables you will find wp_users and wp_usermeta where the information you are looking for will be stored.
You can have a look at this page for some more information.
Related
I have a backup of the entire Wordpress folder of one of my old websites but, unfortunately, I forgot to also make a backup of the database for it. It's been years since the website expired so there's no way I can get the SQL file that way, and both Wayback Machine and Google don't seem to have any caches left of it (a tutorial I saw mentioned trying that way).
Is it still possible for me to get the website working for local use?
Yes and no, depending on what you are willing to do.
Is it still possible for me to get the website working for local use? No
If you have no database you will not have access to the Posts, Pages, Users, Options and all of the meta.
Is it still possible for me to get the website working for local use? Yes
If you create all of the database entries again to your satisfaction. You will still have all of the images you can re-upload to recreate the database entries for images. Then just re-create all of the pages and users as needed. Plugins may need to be disabled/reactivated/reinstalled and configured as well as your theme settings.
Try https://web.archive.org/ , you might be in luck there. Without sqldump its not much to do. If you had a cache plugin active, check if you have any snapshots.
As a Administrator of my website (Wordpress with Woocommerce), I am unable to logged in on my website's wp-admin panel. Then I tried to log in from another user name and it got successfully logged me in, then I saw the name of my admin user has been changed. I am amazed how it was happened? who did it? and why ?
Please suggest me what should i do ?
How to avoid such incident again ?
Incase the culprit who did it, In the next attempt, if he/she changes name of my second user of wordpress, what i should do ?
I am afraid if the culprit change the names of my all wp users then what should i do?
It seems a hacking attack.
So I suggest you first , upgrade your plugins and themes.
Then don't forget to scan your whole site with wordfence.
Then secure it with wordfence , I suggest to use it's pro version, I really feel it useful.
Then tell your hosting to scan and make sure no security issue there.
Note : Don't forget to remove your ftp and extra admin or change their password at least.
Your task is done ..
Still confusion, consult with an expert like me.
Block or delete the mentioned admin account
Install a security plugin like Wordfence
Scan your whole site (with the plugin), it's very likely a backdoor has been installed for future attacs
Change all passwords of admin-accounts and advice your users to do the same
Change the passwords of your FTP, database and possible webserver-interface (if the username was changed, it's likely done directly inside the database)
My apologies in advance if I am posting it in the wrong forum.
I have a WordPress site. Every couple of days, a new user is added as an "Administrator" as shown below
I have changed my password many times using complex passwords but to no use. I even searched on Google and have read links like this one.
I have also unchecked the option "Anyone can register"
However, I am unable to stop them from registering.
Fortunately, no malicious activity has been noticed (Ex: Deletions/Unwanted posts etc)
Please advise me on what I can do to stop these?
You clearly have a more serious compromise, like an uploaded malicious script or an unpatched vulnerability. You need to rebuild your site from scratch (clean install of the current versions of WP and any plugins and themes, using a known-good database export) ASAP before something really bad happens.
Unfortunately, it's impossible to say what happened without digging through your server. My guess is that somebody exploited a vulnerability and uploaded a script. It could be anything - an hole in the WP core, a plugin, or a theme; a malicious plugin or theme; a stolen password; a breach of another site on the same server; or a number of other things.
Regardless of what happened, the only safe fix is to rebuild the site. If you have data backups, you can achieve this in a few hours.
I strongly recommend installing the security plugin WordFence to help prevent similar problems in the future. (I have no affiliation with WordFence, but use it on a number of sites.)
Finally, you might want to read this discussion on security.stackexchange.com. The consensus in this situation is "nuke it from orbit." Good luck!
Someone is making a SQL injection in your site.
If you want to prevent this in future, you should do some things.
Rebuild your website from scratch.
Install some of the security plugins, like Bulletproof Security, Wordfence, iThemes Security. I suggest you to buy the license of Bulletproof, or use the free version + one of the others. And be careful for the equal settings.
The most common attack are with SQL Injection XSS, Plugin exploits and of course brute-forcing the admin pass. You should upgrade every plugin and Wordpress every time when you see a new version.
Use less plugins. They are one of the main reason for hacked websites. If you use Linux, Ican tell you how to scan your website for vulnerabilities. Or just tell me the url, and I will tell you the results.
Also change your /wp-admin path, there are a lot of bots who search the web and make bruteforce attacks.
Also is important to use different admin username from admin or Admin. And use strong passwords. It's a good practice when you make a new Wordpress installation, to do two more users. The first will be an Author and will post everything in the site, the second you should make with Administration role. After that delete the first admin user and start the new one.
Hackers knows that almost every time the user with id:1 is the admin, so they can try to access again. So in this case your admin will be with id:3, and again don't use username like admin and etc.
Best regards and wish you luck.
Kasmetski
Check index.php, wp-admin/index.php to see if they have been modified. Usually the following line of code is added to the top of the index.php file. A code starting with 'required' is usually added.
The file being ‘required’/’included’ here contains malicious code which is executed along with each run of WordPress. Such code can generate fake pharma pages, Japanese SEO spam pages and other malware infections.
Delete the #require code from the file after comparing it with the contents of the core WP files from it’s GitHub repository.
Check if there are any new files in the root of the server or /wp-admin folder that were not created by you. Some of the files that you may find are:
Marvins.php
db_.php
8c18ee
83965
admin.php
buddy.zip
dm.php
If you find any of the above suspicious files, take a backup and delete them.
Source: https://www.getastra.com/blog/911/fix-wordpress-admin-dashboard-wp-admin-hack/
I'm new to wordpress and I need to create a wordpress that allow the administrators to share information and files with users (word, excel, pdf, images, etc).
Each user will have a password and the files are only shared between the user and the administrator (there's no sharing between users).
Maybe that can be accomplished with a post or page targeted for every user. The user would have to be logged to access the page/post and should be able to add content and files. That way the files and info will be only shared between that user and the admin.
Is this a correct approach or there is a better way to do it?
Thanks
Gonzalo
WordPress Download Manager helps you in managing, tracking and controlling your downloads in a more efficient way. You can set access levels, you can add/embed downloadable files anywhere in the post by copying and pasting the embed code.
For more info :
http://www.wpbeginner.com/plugins/how-manage-track-control-file-downloads-wordpress/
I'm looking for a way to have users register on a multisite setup and have a blog automatically created for them... no, not the way the standard ms registration system handles it. I want to get rid of the second step in the process completely. They register as 'user', and a blog is automatically created at http://my.site.com/user for them.
Followup question... anyone know of a way of automatically pruning the multisite platform? IE, users who don't login for 'x' timeframe (or after a certain time period has elapsed) automatically have their site deleted.
Just make one pure copy of Wordpress files and database layout just after wordpress instalation. When you will have it, after user complete registration just copy files from original directory like "_original_wordpress" to "username_dir", and create new database or just add tables with username_ prefix in them. Also you have to cofigure config.php or whatever there is in wordpress that contains database data.
As for 2nd problem - use CRON. Write script in PHP that lists all users who was last active before month ago, delete tables from database in MySQL and dir "/username/" and it's gone :) And so that it would be executed regulary, just put it in CRON like every day once?
Well thats just one of the way to solve any of your problems but it look very simple.