Locked Out from Your WP Site? Here’s What You Should Do
So did your WordPress site just got hacked? All your content would be at risk then, and in some cases, you may even get locked out of WordPress . What do you do then? Go back to ground zero, and rebuild everything again? Not really, even though it may seem a more appealing and less complicated option. Without redeveloping your WordPress website, you can still fix the issue, regardless of whether you have or don't have access to the admin account or database.
The process that we're about to suggest can even be utilized when you don't have any backup to restore content and configurations from.
Let's get down to it!
First and foremost
If you can't access the WordPress admin dashboard, you should connect to the database, which you should be able to access, because usually it's not compromised if the hacker enters your website through the front end. Recover your content and then move it to a new location. Change credentials for the admin account, and then reset the site.
There can also be instances when the hacker gets in through the back-end, which means access to the database would be locked. In such a case, you usually enter through the front end and then initiate a cleanup process.
Back up your data and configurations
A safety measure that can prove to be valuable in many situations. You may have deployed the best security controls and be using all necessary security plug-ins, but your site is still exposed to some risks. If you haven't backed up your website ever, now is the time to do so. In case, the site crashes down, or you're locked out, you would still be able to restore content. So be prepared, now and always.
Access your database
The database of your WordPress website can be accessed through phpMyAdmin, cPanel, and SSH. Use your credentials to log in to the account, and then access the phpMyAdmin interface through the Databases menu. Once the page has loaded, locate the name of your database from the column on the right, and then click on it. You should be able to see a complete list of all the tables.
If you aren't sure which database is associated with your WP website, you can check out the wp-config.php file. Visit the File Manager Menu through the files tab. Select the root folder of your website and open the wp-config.php file, install in the location by clicking on the Edit button; if a pop-up is displayed, choose the UTF-8 option from the drop-down menu, and then press the Edit button. Now browse the file to search the name of your database. Locate the following piece of code, and note down the name of the database at the highlighted position.
// ** MySQL settings - You can get this info from your web host ** //
/** The name of the database for WordPress */
/** MySQL database username */
/** MySQL database password */
/** MySQL hostname */
Your wp-config.php file should show the actual database name at the position of databse_name_here. Now select this name from the phpMyAdmin panel for managing your WP website through the database tables.
Check the DB history
Go through the history logs first before you begin making changes to the database itself, and note any unusual thing that you may come across. If any of the tables seem to have been accessed or modified, and not by you, then it would probably be the hacker at work.
So why should you check out history? Here are the two main reasons for doing so.
Adding legitimate entries to history isn't recommended because it unnecessarily creates more items, which later have to be sorted out. Obviously, with more things to browse, it's difficult to figure out where the hacker had infiltrated and entered your website.
The phpMyAdmin portal records only the last 25 actions, which you should go through before you make any changes. When you start work on alterations and begin accessing the tables, you would be erasing all previous entries that could provide potential clues on the hack.
If you can identify tables that were modified, you can either fix or export them. Edit the changes and then save the content again.
Locating the DB history
Click the Console button, located at the page's bottom. Now click the History button near the top of the screen to view the last 25 actions taken for the database. Hover over the entries to find out more details such as date, time and the infected DB's name. Check the logs, and see if changes were made or if only the tables were accessed. When you've identified the targeted tables, note down their names. You'll be exporting and fixing these later onwards.
Change your wp_site_meta_credentials
Account details can be edited through the DB, meaning that you would be able to log into your WordPress website once again. Find the wp_userstable, and see if you didn't create any doubtful accounts. You should delete all of these entries to prevent the hacker from further accessing your website.
Also, go through the table and site_admins field. See if any of the accounts have been tampered with. If desired, you can even change your email address and password to make your account more secure.
Select the database of your WordPress website through the phpMyAdmin panel, and then select the wp_users table, which should show a complete list of users on our site. Now find your particular account and click the Edit button next to it. Change the password by clicking on MD5 from the user_pass drop-down menu.
Replace the value given in the field with a new password. The password would be unencrypted when added, but as soon as you save changes, encryption is carried out automatically. For changing the email address associated with the account, replace the value in the user_email field with your new preferable address.
After all, changes have been made, select the save option from the dropdown box, and then click Go located on the bottom of the page.
Creating a new admin account
Generally, when your website has been hacked, the best way forward is to create a new admin user account to ensure a higher security level from then onwards. You can skip his step if you're entirely sure that you were locked out from your account due to a mistake - in such a case, changing your password through the DB tables should be sufficient.
Once again, access the wp_users table through the phpMyAdmin account. Now click on the insert tab on the Menu Bar, and fill in the required fields. The ID is an alphanumeric code for the account input a number that hasn't been used. user_login is the username which you will use for logging into the account.
user_pass is the password; like before, select MD5 from the drop-down menu, and then enter a password. User_nicename is a nickname, user_email is the associated email address for the account, and display_name is the name that would be visible from the front end of your WP website. In the user_registered field, select the current date. Insert 0 into the user_status field. Click the Go button.
Until now, you've only created a user account. Now you have to grant admin rights to this account. Select the wp_usermeta table, and then click on the Insert tab. The umeta_id field can be left empty, but you'll still have to fill up all other fields.
user_id is the same id that you set just a while ago for your newly created account. In the meta_key field, input wp_capabilities, and for the meta_value field, type the following in the text box.
Click Go so that all changes can be saved. Click the Insert tab again so that a new row can be added to the table. Once again, let the umeta_id field remain empty. In the user_id field, select the same id as before. For the meta_key and meta_value field, enter the following values, respectively.
Click the button again so that you can start using your newly created admin account.
Move the content
Access the admin dashboard with the account that you just created, and begin exporting your content. In case, you still can't access the front end, transport the material through the database as an SQL file or the phpMyAdmin panel.
That should fix things up. If you're still facing issues, consider bringing professionals on board and let them deal with your hacked website.