WP login issues

RonaldS

New member
Jun 17, 2010
The admin password keeps changing without me authorizing it. I've gone in the back end through phpMyAdmin to change the password to something different, which works for a few hours, but then stops working again. I'm up to date with my WP version and hosted on GoDaddy.

Any ideas?
 


Disable your plugins, 3rd-party themes and check your server for new files added and existing files for modification (i.e. theme files, header.php, footer.php). Then make a new account (admin privileges) in WP and delete the default admin account.
You might be hacked.
 
Hmmm.... is there any way I can find out what the md5 or phpass code is that WP is using for my password under phpMyAdmin? Right now it states $P$B....... and I first wanted to find out whether this coded password was the same as mine.
 
Honestly, you'd have to crack the phpass password. I have had to do it before and it can take quite a bit of time. One way to kinda cheat is to install another WordPress install in another directory and set the phpass to the password you think it is and then compare the two passwords. If they are different then obviously the password has been changed.

I also recommend checking out Fiverr for gigs that will help investigate hacked WordPress sites, as they will help you determine if and how an attacker got into the site to modify the password.
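Added example, not part of the original thread: a way to check a password you already know against the value stored in wp_users.user_pass by recomputing the hash with the stored salt. It assumes the stock WordPress formats of that era (a portable phpass hash starting with $P$, or a legacy 32-character MD5, which WordPress replaces with a phpass hash at the next successful login); the function names and the sample salt are constructed for illustration.

```python
import hashlib
import hmac

ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"

def _encode64(data: bytes) -> str:
    """phpass's own base64 variant: little-endian 6-bit groups, no padding."""
    out, i, n = [], 0, len(data)
    while i < n:
        value = data[i]
        i += 1
        out.append(ITOA64[value & 0x3F])
        if i < n:
            value |= data[i] << 8
        out.append(ITOA64[(value >> 6) & 0x3F])
        if i >= n:
            break
        i += 1
        if i < n:
            value |= data[i] << 16
        out.append(ITOA64[(value >> 12) & 0x3F])
        if i >= n:
            break
        i += 1
        out.append(ITOA64[(value >> 18) & 0x3F])
    return "".join(out)

def phpass_hash(password: str, setting: str) -> str:
    """Recompute a portable phpass hash with the cost and salt held in `setting`."""
    if setting[:3] not in ("$P$", "$H$") or len(setting) < 12:
        raise ValueError("not a portable phpass hash")
    rounds = 1 << ITOA64.index(setting[3])  # "B" is index 13, i.e. 8192 MD5 rounds
    salt, pw = setting[4:12].encode(), password.encode("utf-8")
    digest = hashlib.md5(salt + pw).digest()
    for _ in range(rounds):
        digest = hashlib.md5(digest + pw).digest()
    return setting[:12] + _encode64(digest)

def matches_stored(password: str, user_pass: str) -> bool:
    """True if `password` produces the value stored in wp_users.user_pass."""
    stored = user_pass.strip()
    if len(stored) == 32 and set(stored.lower()) <= set("0123456789abcdef"):
        legacy = hashlib.md5(password.encode("utf-8")).hexdigest()  # plain MD5 row
        return hmac.compare_digest(legacy, stored.lower())
    return hmac.compare_digest(phpass_hash(password, stored), stored)

if __name__ == "__main__":
    sample = phpass_hash("john", "$P$Babcdefgh")  # constructed row value, salt "abcdefgh"
    print(sample, matches_stored("john", sample), matches_stored("jake", sample))
```

Each phpass hash carries its own random salt, so two hashes of the same password differ as strings; the comparison only works when the candidate is recomputed with the salt taken from the stored value.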
 
Alright guys, this is what I tried out.

I opened my wp-admin page in Chrome and IE. I reset the password to "jake" and logged in successfully via Chrome. Immediately after logging in with Chrome, I tried to log in on IE with james and it came up invalid. Then, from the Chrome dashboard page, I navigated to the users section and changed my pw to "john". I then tried to log in with IE using john and it comes up invalid..... All this happens within around 2 seconds of me changing the pw to john.


I need help
 
Disable every plugin you have installed, revert to the WordPress default theme and try again. You might have been hacked. If this doesn't work, back up your database and reinstall WordPress. This might be an upgrade issue with WordPress too.
 
In phpMyAdmin, you can enter/edit the password field in plain text, then on the dropdown for data type, change it to MD5 (this is only 1-way, won't do MD5 to original text). Do it manually this way and note the generated MD5 string so you will know if it gets changed.

If your phpMyAdmin doesn't have an MD5 field, it's in bad need of an upgrade.

From what you said recently, I am thinking you're probably not hacked, but have some conflicting plugins with WordPress and/or your browser plugins.
 
Alright, I also noticed something else. When I enter a wrong pw I get the message saying that the pw entered is wrong, but when I enter the right pw the page simply refreshes the screen and I'm back at the wp-admin page.

Reading about this online I realised it happens when the siteurl and blogurl are different, but in my case both are the same, i.e. www.abc.com/blog/

Any ideas?
 
Check your wp-config file. You can append a line of code to override the admin password. It's one of the ways you can access a WP site you do not have MySQL access to.
 
Either from the command line, or in the "SQL" area of mysqladmin:

update wp_users set user_pass=MD5('whatever') where user_login='admin';

If that doesn't work, you either:
- Have been hacked.
- Have some kind of plugin or cache-based issue.
 
You might be hacked, so disable plugins and look out for any links in your theme. Don't change your password in phpMyAdmin, change the email under the users table. Then request a new password.
 
BREAKING NEWS


Hey guys, I just found out that if I go to wp-admin I can't log in (it doesn't even say that my password is wrong, the page simply refreshes).

If I go to the wp-login.php page then I can log in correctly.



Any help?
 
You can fix this in htaccess. Your host has probably got a script adding stuff (rewrite rules) to htaccess whenever you do certain things in GoDaddy's control panel and overriding whatever is above it.

Make sure the WordPress stuff is at the bottom.