Help me log in to Wordpress.
June 9, 2011 8:36 PM   Subscribe

A Wordpress blog I manage has a contact form. I just found out the form was exploited and used as a spam relay. Now I can't login to the admin. Hope me, please.

Blog is hosted on GoDaddy (not my choice). When I attempt to log in, it says the username is invalid. When I use the "lost password" link it says that the username is invalid, and that there is no user with my email address.

I checked the database using phpMyAdmin, and in fact my username and email are there. I tried changing my password in phpMyAdmin to make certain I was using the correct password, but I still get the same errors.

Has anyone had this problem? What can I do to fix my login?

I am upgrading the plugin and fixing the problem of course. Once I get this figured out.
posted by TallulahBankhead to Computers & Internet (6 answers total) 1 user marked this as a favorite
 
You do not "fix" a compromised system. Delete, reinstall from your backups, learn about security.

phpMyAdmin just manages the MySQL database, which has its own username & password separate from the WordPress admin dashboard. That info gets entered into the wp-config.php file once and you don't need to reference it again. If I'm understanding your post correctly, it sounds like the database user/pass is the same as the WordPress admin user/pass... which is incredibly stupid.
posted by ferdinand.bardamu at 9:32 PM on June 9, 2011


Best answer: it sounds like the database user/pass is the same as the WordPress admin user/pass

I think that's a misreading. You can change a Wordpress password by editing the relevant database entry via phpMyAdmin. That's not the same as changing the DB password.

You can conceivably create a new user with admin privileges in phpMyAdmin, which should get you into Wordpress unless the compromise is sufficient to bypass the standard login script, but that should only be for the purpose of exporting content and theme files, before wiping your install and starting over. You should also dump the database, but don't try to reimport it wholesale. Write down any config settings that you'll need for the reinstall.
posted by holgate at 10:00 PM on June 9, 2011 [1 favorite]


Response by poster: Holgate has it, Ferdinand - the DB login is absolutely not the same as the Wordpress admin login. That would be incredibly stupid. But I do appreciate you upholding the Metafilter Standards of Condescension™. This place wouldn't be the same without it (grin).

And it sounds like creating a new admin user in the DB is the best solution - obviously I will be trashing the whole thing and reinstalling from clean backups, but since it wasn't originally my system I wanted to have a look around first if possible. Thanks!
posted by TallulahBankhead at 11:00 PM on June 9, 2011


In the wp-users table user_pass are encrypted. Probably MD5, so just changing it won't work. You have to find out the corresponding encrypted text for your new password and insert that to the DB.
posted by WizKid at 9:39 AM on June 10, 2011


Check this link.
http://codex.wordpress.org/Resetting_Your_Password
posted by WizKid at 9:40 AM on June 10, 2011 [1 favorite]


You have to find out the corresponding encrypted text for your new password and insert that to the DB.

phpMyAdmin gives you a dropdown for MD5 conversion when adding or editing rows.
posted by holgate at 9:47 AM on June 10, 2011


« Older Double-zero sept just isn't the same.   |   toke-lit Newer »
This thread is closed to new comments.