Screwed up WP Dashboard... help!

11 replies
Ok. So I've been trying to delete and fix a bunch of hacked files on one of my sites. In the process, it looks like I did something bad, because now I can't get to my WP Dashboard. The site itself is fine. I just can't get into the WP Admin area.

It goes to a blank page now. I've checked the index.php file for the dashboard and it looks like I think it should, but I can't get in. I've also looked at all the index.php files I could find in the other folders. The thing is, i don't know what to look for. They messed up several files and I might have deleted something I shouldn't have.

In desperation, I'm thinking of uninstalling Wp on that site and reinstalling it, but the options to leave/delete the database/directory/folder are puzzling. I tried to backup the db just in case but for some reason my passwords/username aren't working.

As it pertains to deleting the database in WP installations, can someone explain what is the
- database
- directory
- folder

Since I want to save my content, I'm guessing I need to save the directory or folder??? But of course I don't want to leave any hacked footprints.

Can someone point me in the right direction to fix the access problem or reinstall the entire program without losing my site?

Thanks.

Sylvia
#dashboard #screwed
  • Profile picture of the author Clarence Chan
    Are you exporting your database via myphpadmin? If not, you can manually export it from there.

    You might also want to try to disable your plugins via cpanel by renaming each folder. If that fixed your issue, try rename them back to its original name one by one just to see which one is the problem. If you can find what it is, then uninstall it. Then just reinstall a new one.
    {{ DiscussionBoard.errors[10925873].message }}
  • Profile picture of the author sylviad
    Thank you, Clarence.

    I don't think I was in myphpadmin, so I'll check there. I didn't recall having to supply my password/usernme before when I backed up other databases.

    Sylvia
    Signature
    :: Got a dog? Visit my blog. Dog Talk Weekly
    :: Writing, Audio Transcription Services? - Award-winning Journalist is taking new projects. Warrior Discounts!
    {{ DiscussionBoard.errors[10926201].message }}
    • Profile picture of the author Clarence Chan
      Originally Posted by sylviad View Post

      Thank you, Clarence.

      I don't think I was in myphpadmin, so I'll check there. I didn't recall having to supply my password/usernme before when I backed up other databases.

      Sylvia
      Where you able to solve the issue?
      {{ DiscussionBoard.errors[10929781].message }}
      • Profile picture of the author sylviad
        Originally Posted by Clarence Chan View Post

        Where you able to solve the issue?
        Thanks for the follow-up, Clarence. I'm not sure what I did... went into myphpadmin (I think) and reset my password... went back to Softaculous/Installations... and was able to backup the database fine. So maybe I changed the password somewhere and it didn't migrate over to the Wordpress backup area.

        And I successfully copied the new wp-admin file to this site and my Dashboard works fine.

        but then...

        After going through my entire CPanel to fix and remove hacked files, I discovered that some of the malicious xml files I deleted had been regenerated from somewhere. In another thread, I've discussed this: How the heck are they getting in? and I've found out that the htaccess file is where the hackers do something to hack your WP. I can't access it because it's a hidden file and CPanel doesn't give me the option to view those files. AND I wouldn't know how to fix it anyway. So I'm not sure what to do now.

        Sylvia
        Signature
        :: Got a dog? Visit my blog. Dog Talk Weekly
        :: Writing, Audio Transcription Services? - Award-winning Journalist is taking new projects. Warrior Discounts!
        {{ DiscussionBoard.errors[10930466].message }}
  • Profile picture of the author Yvon Boulianne
    try downloading the wordpress source files and unzipping them over the old installation, will replace files you delete and may fix everything..

    If that don`t work also remove all plugins (moving theme to a /backup subdirectory)..once it work just put them back in the /plugins directory one after another...

    Good luck
    {{ DiscussionBoard.errors[10926260].message }}
    • Profile picture of the author tmnsky
      Originally Posted by Yvon Boulianne View Post

      try downloading the wordpress source files and unzipping them over the old installation, will replace files you delete and may fix everything..

      If that don`t work also remove all plugins (moving theme to a /backup subdirectory)..once it work just put them back in the /plugins directory one after another...

      Good luck
      This should do the trick. I've been in your shoes before. Also, don't neglect to have regular backups of your site and DB!
      {{ DiscussionBoard.errors[10926431].message }}
  • Profile picture of the author jbyte
    Depending where you are hosting the site, you may be able to restore from a working backup.

    This could help you restore the site - but the fact remains it was hacked once and can be done again. Make sure your password is secure and all items are updated.

    Try using https://sitecheck.sucuri.net/ afterwards to check and see if there are any bad malware installed or better yet clean out the wp site manually by going through the plugins and core files.
    Signature

    I fix WordPress problems, PM me if you need help

    {{ DiscussionBoard.errors[10926806].message }}
  • Profile picture of the author hamidul1
    First take backup , and delete wp-admin folder and download new from wordpress .org . only upload wp-admin folder again . that's it .
    {{ DiscussionBoard.errors[10926827].message }}
    • Profile picture of the author sylviad
      Originally Posted by hamidul1 View Post

      First take backup , and delete wp-admin folder and download new from wordpress .org . only upload wp-admin folder again . that's it .
      Exactly what I had in mind. I did an install on an unused domain folder and plan to move the admin files from it to my active site.

      I also found several backups of my entire CPanel which look okay. Interestingly, one was done in May but looks okay. Probably backed up before the hacking but I'd hate to reinstall hacked files after 4 days of scouring every single folder and file in CPanel.

      I've made some interesting discoveries through this process and will post them here later in the hopes it will help others in this predicament. Apparently it's a quite common hacking method.

      Sylvia
      Signature
      :: Got a dog? Visit my blog. Dog Talk Weekly
      :: Writing, Audio Transcription Services? - Award-winning Journalist is taking new projects. Warrior Discounts!
      {{ DiscussionBoard.errors[10928862].message }}
  • Profile picture of the author mrtom414
    all your access information for your site will be stored in wp-config.php. The only other folders you need to be concerned with is your wp-content folder.

    The wp-content-folder containes your themes and plugins also you should check the image folders if you uploaded any images.

    You can delete everything else and reload wordpress and then add the wp-config.php files and wp-content folder back into your new installation.

    Deleting the files will not effect your database data. If you feel safer you can use an ftp program to copy everything back to a folder on your computer. It easier and faster to use an ftp program than cpanel to work on files.

    Also it better to wipe everything to make sure you get all infected files.
    Signature

    Wordpress Themes and Plugins http://www.themefury.com

    {{ DiscussionBoard.errors[10969550].message }}
  • Profile picture of the author sylviad
    I can't believe I started this thread Nov. 21. Success, however, thanks to all of your suggestions and ideas. They're still getting in and changing things in my sites but Wordfence is doing a good job of stopping them and letting me know what happened so I can go in and fix them. Unfortunately, this takes constant monitoring by me to fix everything. What a pain in the butt!


    I've changed passwords to something humungous, deleted a bunch of malicious files and code, yet regularly there's something else. Wordfence enabled me to block a whole bunch of countries. Since my sites aren't really relevant to anyone overseas, it made sense to just block them. As it turns out, a bunch of malicious attempts were made by the Russian Federation, China mostly. Lots of people trying to get my login info. They get my usernames from somewhere.


    I found the access to show hidden files and was able to monitor them as well, which I hadn't been doing before.


    Why can't the host provider block such attacks? Obviously many get through when programs are upgraded or updated, but they got into my entire Control Panel.


    Anyway, for now at least I've got a good handle on things even if it means fixing stuff on a regular basis.


    Sylvia
    Signature
    :: Got a dog? Visit my blog. Dog Talk Weekly
    :: Writing, Audio Transcription Services? - Award-winning Journalist is taking new projects. Warrior Discounts!
    {{ DiscussionBoard.errors[10973959].message }}

Trending Topics