Not able to log into wordpress website.... self hosting on Azure - wordpress

When I try to sign into my websites wp-admin login screen it refreshes and redirects me to the login page. After researching this issue it looks like deactivating the plugins should fix the issue. However, when I try doing this from phpmyAdmin, it tells me that the UPDATE command is denied to user.
I have tried using the FTP client 'Fire FTP' to try and access my files but I do not know which username and password needs to be used (I have about a million at this point).
Is there somewhere in the Azure portal where I can edit my files and deactivate the plugins?
Other information: I accidentally deleted the file the had my Wordpress admin password, but I am able to log into Azure, and phpmyAdmin. I also have my cPanel login information but I cannot figure out how to access that either. I am also using a Mac.
Please help! I have a basic understanding of web development but not much and I have worked incredibly hard on my website business but this has been a rough setback.

Looking at your problem, FTP is your best option. You can define the user/password at the portal in your app service blade:
Login into the portal: https://portal.azure.com
Navigate to your app service blade
Look for Deployment Credentials and set your username/password.

I was able to resolve this. Turns out I had exceeded my database storage. Simply upgrading my plan fixed the issue. So if anyone sees this and has the same problem, make sue that your SQL db has enough storage available.
The plugins made me exceed my storage but I did not need to deactivate them.

Related

Wordpress JSON API only working when logged in

I seem to be only able to access the wordpress json api when I am logged in in wordpress (no matter which endpoint, even on GET mypage.com/wp-json/). When I remove all cookies or logout and call the endpoint I get redirected to the login-screen.
Is this the desired behavior when I do not use nonces?
This happens on our staging environment, on our live-page everything works, I get results from the JSON API even if I am not logged in.
We created the staging site with the plugin from https://wp-staging.com/
So maybe there is a setting missing which has not been copied over? Or can I turn off checking for authentication / nonces on the API somewhere in the wordpress settings?
It turns out that the WP Staging Plugin has an option to limit access to the staging page which is set to "Administrators" by default. Turned it to "Allow access from all" and now it works.
On a WP website that I was asked to work on - it took me a lot of hours on debugging my own code (initially), then to start investigating the theme and finally deeper in other plugins and wp-core...
After all that, I found that the plugin members has functionality to restrict the rest_api access only to logged-in users.
There is a setting for this in the settings page of the plugin.
REST API -> Require authentication for access to the REST API.
So, I am posting this here, in case it could help someone else to avoid the same headache I encountered with this.

Why does any changes are not reflecting into word-press website?

My client is using GoDaddy server hosting for WordPress website.If i update some changes in pages its will reflected only when dashboard is opened else changes are reflected after 4 to 5 hours.
I also contact with my service provider for cleaning cache, but its don't work.
I am not able to identity where is the problem.
This definitely sounds like a cache problem.
Depending on your website hosting plan, this can affect the changes you/other users see on the site after you've made changes to the backend. If you use a shared hosting plan, you share your website server with other websites which can slow the website and sometimes affect the cache.
Firstly, make sure you've removed cookies from your browser relating to the website in question. This can affect how the website looks until new cookies are saved from the website.
You can download a cache plugin 'W3 Total Cache' on Wordpress and this can be integrated into your website to flush the cash from the dashboard. However on a GoDaddy shared hosting plan, I've found this doesn't always work. Worth a try though!
In the same way that your web browser has a cache of recent web pages, your Internet Service Provider (ISP) may be doing some caching on your behalf.
This could be the problem, so you may have to communicate with your Internet Service Provider to fix this problem.
I would call GoDaddy customer service again beforehand and explain your problem in more detail.
This is not a server issue , this is a cache issue. You need to clear cache from you back end wp-admin. After that please check your changes with hard refresh browser ctrl+shift+R or ctrl+f5. Wordpress changes will be reflect on to front end.

Why can't I access my Drupal6 admin or pages?

I am reactivating an old Drupal project that was created by a past employee. He left no instructions on how to access Drupal. I gained access to the postgres database Drupal is using and changed everyone's password. I also made sure all users had administrator role and that administrator role has all permissions. When I log in with any of the users, I simply get "Access denied" for every page I try to go to. I've tried /admin, /user, /node, and several other pages. Changing the password definitely reset their password because I'm not getting an invalid login message, just an access denied message. The site is first being authenticated through apache using LDAP, and I made sure there are apache users that match the Drupal users. I am totally stumped. As I said, the person who did this project initially is gone and can't be reached. I have looked at several similar topic threads and can't figure this out.
have you enabled the ldap mod in apache?
try /?q=user
is phpMyAdmin installed? Check users there as well.

Drupal 7 security implementation

I have a hostgator website on which I installed Drupal. It was working fine until last weekend. I am primarily a .net developer and am not sure about the configuration of this open source application.
Recently, I noticed a large number of user accounts being created who never even logged in before. So, after setting up Google analytics, I determined that my site was hacked. I made this determination because the majority of the traffic and user flow is coming form RUSSIA, SERBIA and ROMANIA, hackers haven!
I realised that my website was not secure. So now I put the site into mainitainance mode, uninstalled the existing Drupal 7, and installed a new installation. It is very fresh now and I am on a mission to find some good security pratices.
I would like to know what security measures that I can implement other than these.
Also, how would I connect to my website's command line to change the file permission settings? Currently, I am using Filezilla and right clicking to change the properties.
Thanks, and apologies for the long question.
P.S. This is my website.
Hostgator provides SSH access. Use tool like WinSCP to transfer files and PuTTy to access command line. Once you get command line access, you will be hopefully able to install Drush on Hostgator. Drush will help you do many administrative stuff using command line and it is highly recommended to use. Since you are a .Net developer, I assume that you might be using Windows for development. Good news is that you can install Drush on Windows too.
Are you sure that your site was really hacked? Because, if you go to Account setting page (http://your-site/admin/config/people/accounts) and look under Who can register accounts?, you will see three options there. The default is "Visitors can create account". If you do not change this setting to something else, your new site will again face the same problem. Otherwise, you can select option Require e-mail verification when a visitor creates an account.
Another way to reduce number of spammers creating account on your Drupal site is to install CAPTCHA or reCAPTCHA module and configure it to show challenge to users when they create an account. This will block many spammers. You can also block specific IP range using Apache .htaccess file. You will find .htaccess file in your Drupal installation folder.
Another good practice is to periodically update Drupal core and contributed modules for security fixes. If you goto page admin/reports/updates, you will see what module requires an update. Command line and Drush will help you streamlining some part of this process.
If you regularly update Drupal (core & modules), use SSH for file transfer and apply correct file permissions, your site should be all secure. It is not that hard to maintain a secure Drupal site, given all the help is available for Drupal security team and Drupal community.
There is a Drupal Group (forum) that deals with Best Practices in Drupal Security that provides a number of excellent suggestions on how to secure Drupal sites. As for accessing your site via the command-line, I checked and Hostgator allows for SSH access on all of their hosting plans. You should be able to login via SSH, change to the sub-directory within your Drupal installation and change the permissions of a file or directory using the 'chmod' command.
Good luck!

Can a wordpress exploit give root access to a server?

I had a blog based on wordpress, v 3.1.2, the problem is the hosting company tells me a exploit gave access to hackers so they erased my files and databases, but also i found on pastebin the usernames and passwords to my parallels control panel(not the one of wordpress) and my password. See for yourself, available now only on cache:
http://webcache.googleusercontent.com/search?q=cache:QUq4z1nKabgJ:pastebin.com/n8gunbQx+invacib+pastebin&cd=1&hl=en&ct=clnk&client=ubuntu&source=www.google.com
The main question, getting those users/passwords can it be the hosting fault??? not associated with wordpress??
Yes it is the hosting company's fault. A hacker might have downloaded a database backup made by the hosting company of their clients info and shared these info in public.
A wordpress exploit, at worst, can only give the access the php has. If php has root access its the hosting fault for giving it root access.
What hosting company says you're out of date WP caused parallels to be hacked? Do you happen to know the version of parallels they're using? It is possible that the hacker put in a keylogger in WordPress and logged you typing in your parallel password. It is also quite possible if it is the host that I am thinking of that the passwords were easy to get. Of course, it is also quite possible that they got your passwords via a dictionary attack, especially if you used the same password and username or email on another site that was hacked.

Resources