Sanjeev Sabhlok's notes on technology, hardware, gardening

Recovery from hacking or damage of blog

Despite taking great precautions your WordPress is almost SURE to be attacked today. Hackers abound. Be prepared to recover your blog!

Addendum. A hacker might not be able to prevent you from getting back into your blog (see steps below) but might put an offensive msg on your blog. That can be fixed by (a) install ANOTHER theme and see if it is visibile. That shows that your theme has been damaged. (b) Delete your old theme, and reinstall  a fresh copy. Activate it. Back to normal. 


[Complete Word file]

Step 1: Download and backup whatever you can

Start a download from FTP, just to be safe (if you can!). This should not be necessary, since you should have an active backup system, anyway.

Step 2: Troubleshoot the source of the problem

1) The SQL database (user) might have got corrupted

Hackers tend to change username and email of the blog user. Locked out of the blog!

Here's what to do if you are locked out of the blog.

Scenario 1: "Sorry, but you don’t have the administrative privileges needed to do this."

Same instructions as below.

Scenario 2: Can’t log in and can’t reset email

What is to be done if a hacker steals your password or otherwise hacks into the blog and prevents you from logging in? This happened to me on 26 March 2011. I suddenly found I could not log into and was told that my password is wrong. Password reset would not work since the hacker had changed the email.

Solution: Fix the user in phpMyAdmin SQL database

Fix the password (details here) (select user/ browse/ edit). In my case the hacker had changed email to something in france (?). I changed back to my email ID, then used the login screen to reset the password. Then go into the blog and change to another password. 


Note the image of the hacked screen (I've BLANKED OUT MY USERNAME and other security information) but allowed the hacker's fake ID to be visible).

Through phpMyAdmin

This article is for those who have phpMyAdmin access to their database. Note: use phpMyAdmin at your own risk. If you doubt your ability to use it, seek further advice. WordPress is not responsible for loss of data.
Begin by logging into phpMyAdmin and click databases.

Image #3

  • All the tables in your database will appear. If not, click Structure.
  • Look for wp_users.
  • Click on the icon for browse.
  • Locate your Username under user_login
  • Click edit

Image #5

  • Check that your password is actually correct, and that MD5 is in the box.
  • Click the 'Go' button to the bottom right.
  • Test the new password on the login screen. If it doesn't work, check that you've followed these instructions exactly.


MAKE SURE TO USE THE MD5 OPTION – without it the password WON’T WORK
Typically you lose widgets/ widget area after a hacking incident. Reconstructing them is not possible without uploading back an old database. But the database greater than 50MB can’t be restored using phpmyadmin. Tables are individual entities in a database. eg: in the wordpress database tables are users, posts, settings etc. 
Use in ~/sabhlok-backup. To restore dbdata.sql run: ./ dbdata.sql. Note: the full command is outlined here. An old database was uploaded, but unfortunately it did not have the widget arrangement. One last go – at using a later version of the backup.
In some cases the hacker not merely replaces the user name and account but deletes key files. That can made the wordpress installation defunct.
This may not always be necessary. At times this may require deleting existing installation and reinstalling it.
It is crucial to upoload the wp-content folder and uploads folder from the Amazon backup. (if prosumer theme doesn't work, then reinstall it)
Download and install prosumer theme again. The two key files are head.jpg (the main header) and you.jpg which replaces the woman with a cherry. Fortunately the Amazon backup contains these files. That had to be FTP'd, and for some reason it would not over-write existing (new) files. That meant a forced upload.
Go to myPhPadmin, then relevant database, and then upload the SQL file that has been saved under uploads on Amazon. This works for small database files.
Go to myPhPadmin, then relevant database, and then upload the
With great effort I found the core file (under the wordpress theme – whitehouse) and changed the functions_libraray.php file. That, however, did not help. So I renamed whitehouse theme to whitehouse2, and lo and behold worpress came alive.
That was the problem, so I reinstalled a whitehouse version. And saved the XML file.
This happened again recently when all widgets seemed to disappear. The solution was:
Rename to whitehouse2, install a fresh version, and delete whitehouse2. instantly came back to life.
The last time I had a peculiar problem I had to overwrite a main directory (not sub-directory) .php file (I forget which). Everything came back. NOTE THAT THE MOST IMPORTANT FILE IS CONFIG.PHP
A typical problem is plugin mismatch.  When that happens, all sorts of weird things can happen.
1) FTP to the site and rename the plugin folder as something else. This inactivates all plugins.
2) Re-active plugins one at a time and check which is causing grief. Since I have 50 odd plugins this is quite a nuisance.  It pays to DELETE plugins that you are not using. In my case, I'm building this blog post to record all the ones that I'll be using. Everything else needs to be deleted.
I upgraded WordPress (it asked me to do so!) and now I get this msg:  "Sorry, but you don’t have the administrative privileges needed to do this." That was a disaster! I searched the internet and found this solution. 
Go into Themes (under wp-content) to your theme. Within that you'll find 'core' then under /functions you'll find  the functions_library.php file. 
Open the file for editing.
You will see 
function checkauthority(){
if (!current_user_can('edit_themes'))
wp_die('Sorry, but you dont have the administrative privileges needed to do this.');
Replace it with
function checkauthority(){
if (!current_user_can('edit_themes'))
This worked for me. I find this whole WordPress thing such a mess, but one has to learn to live with it.
In the wp-config.php, change define(’DB_CHARSET’, ‘utf8′) to define(’DB_CHARSET’, ‘utf-8′)
Open up ‘wp-config.php’ from the root directory of your WordPress installation.Add ‘//’ at the very beginning of these two lines:define(‘DB_CHARSET’, ‘utf8′);define(‘DB_COLLATE’, ”);So that section should now look like this://define(‘DB_CHARSET’, ‘utf8′);//define(‘DB_COLLATE’, ”);
I accidentally put the double // on a previous line. Be careful. This does work.
1) Remove everything from searchform.php
<form method="get" id="searchform" class="" action="<?php bloginfo('home'); ?>/">
<input type="text" value="<?php _e('Search',TDOMAIN);?>" name="s" id="s" onfocus="if (this.value == '<?php _e('Search',TDOMAIN);?>') {this.value = '';}" onblur="if (this.value == '') {this.value = '<?php _e('Search',TDOMAIN);?>';}" />
<input type="image" value="Go" src="<?php echo THEME_IMAGES;?>/search-btn.png" class="submit btn" />
2) Delete the stuff in red from I forget which php file.
 <div id="sidebar" role="complementary">
global $sidesearch;
<div id="sidesearch" class="fix">
<?php include (THEME_LIB . '/_searchform.php'); ?> 
<?php endif;?>
<div id="widgets">
<?php if(VPRO) include(THEME_LIB.'/_grandchildnav_pro.php');?>
<?php if(pagelines('the_sidebar', $post->ID) == 'secondary'):?>
<?php if ( !function_exists('dynamic_sidebar') || !dynamic_sidebar('Secondary Sidebar') ) : ?>
<?php _e('The secondary sidebar has been selected but doesn\'t have any widgets. Add some widgets to your secondary sidebar in the admin under appearance > widgets.',TDOMAIN);?>
<?php endif; ?>
<?php elseif(pagelines('the_sidebar', $post->ID) == 'short'):?>
<?php if ( !function_exists('dynamic_sidebar') || !dynamic_sidebar('Short Sidebar') ) : ?>
<?php _e('The short sidebar has been selected but doesn\'t have any widgets. Add some widgets to your short sidebar in the admin under appearance > widgets.',TDOMAIN);?>
<?php endif; ?>
<?php else:?>
<?php if ( !function_exists('dynamic_sidebar') || !dynamic_sidebar() ) : ?>
<?php if(!pagelines('sidebar_no_default')) include(THEME_LIB.'/_defaultsidebar.php');?>
<?php endif; ?>
<?php endif;?>


View more posts from this author

Leave a Reply

Your email address will not be published. Required fields are marked *