Sanjeev Sabhlok's notes on technology, hardware, gardening

Tag: Wordpress

Recovery from hacking or damage of blog

Despite taking great precautions your WordPress is almost SURE to be attacked today. Hackers abound. Be prepared to recover your blog!

Addendum. A hacker might not be able to prevent you from getting back into your blog (see steps below) but might put an offensive msg on your blog. That can be fixed by (a) install ANOTHER theme and see if it is visibile. That shows that your theme has been damaged. (b) Delete your old theme, and reinstall  a fresh copy. Activate it. Back to normal. 


[Complete Word file]

Step 1: Download and backup whatever you can

Start a download from FTP, just to be safe (if you can!). This should not be necessary, since you should have an active backup system, anyway.

Step 2: Troubleshoot the source of the problem

1) The SQL database (user) might have got corrupted

Hackers tend to change username and email of the blog user. Locked out of the blog!

Here's what to do if you are locked out of the blog.

Scenario 1: "Sorry, but you don’t have the administrative privileges needed to do this."

Same instructions as below.

Scenario 2: Can’t log in and can’t reset email

What is to be done if a hacker steals your password or otherwise hacks into the blog and prevents you from logging in? This happened to me on 26 March 2011. I suddenly found I could not log into and was told that my password is wrong. Password reset would not work since the hacker had changed the email.

Solution: Fix the user in phpMyAdmin SQL database

Fix the password (details here) (select user/ browse/ edit). In my case the hacker had changed email to something in france (?). I changed back to my email ID, then used the login screen to reset the password. Then go into the blog and change to another password. 


Note the image of the hacked screen (I've BLANKED OUT MY USERNAME and other security information) but allowed the hacker's fake ID to be visible).

Through phpMyAdmin

This article is for those who have phpMyAdmin access to their database. Note: use phpMyAdmin at your own risk. If you doubt your ability to use it, seek further advice. WordPress is not responsible for loss of data.
Begin by logging into phpMyAdmin and click databases.

Image #3

  • All the tables in your database will appear. If not, click Structure.
  • Look for wp_users.
  • Click on the icon for browse.
  • Locate your Username under user_login
  • Click edit

Image #5

  • Check that your password is actually correct, and that MD5 is in the box.
  • Click the 'Go' button to the bottom right.
  • Test the new password on the login screen. If it doesn't work, check that you've followed these instructions exactly.


MAKE SURE TO USE THE MD5 OPTION – without it the password WON’T WORK
Typically you lose widgets/ widget area after a hacking incident. Reconstructing them is not possible without uploading back an old database. But the database greater than 50MB can’t be restored using phpmyadmin. Tables are individual entities in a database. eg: in the wordpress database tables are users, posts, settings etc. 
Use in ~/sabhlok-backup. To restore dbdata.sql run: ./ dbdata.sql. Note: the full command is outlined here. An old database was uploaded, but unfortunately it did not have the widget arrangement. One last go – at using a later version of the backup.
In some cases the hacker not merely replaces the user name and account but deletes key files. That can made the wordpress installation defunct.
This may not always be necessary. At times this may require deleting existing installation and reinstalling it.
It is crucial to upoload the wp-content folder and uploads folder from the Amazon backup. (if prosumer theme doesn't work, then reinstall it)
Download and install prosumer theme again. The two key files are head.jpg (the main header) and you.jpg which replaces the woman with a cherry. Fortunately the Amazon backup contains these files. That had to be FTP'd, and for some reason it would not over-write existing (new) files. That meant a forced upload.
Go to myPhPadmin, then relevant database, and then upload the SQL file that has been saved under uploads on Amazon. This works for small database files.
Go to myPhPadmin, then relevant database, and then upload the
With great effort I found the core file (under the wordpress theme – whitehouse) and changed the functions_libraray.php file. That, however, did not help. So I renamed whitehouse theme to whitehouse2, and lo and behold worpress came alive.
That was the problem, so I reinstalled a whitehouse version. And saved the XML file.
This happened again recently when all widgets seemed to disappear. The solution was:
Rename to whitehouse2, install a fresh version, and delete whitehouse2. instantly came back to life.
The last time I had a peculiar problem I had to overwrite a main directory (not sub-directory) .php file (I forget which). Everything came back. NOTE THAT THE MOST IMPORTANT FILE IS CONFIG.PHP
A typical problem is plugin mismatch.  When that happens, all sorts of weird things can happen.
1) FTP to the site and rename the plugin folder as something else. This inactivates all plugins.
2) Re-active plugins one at a time and check which is causing grief. Since I have 50 odd plugins this is quite a nuisance.  It pays to DELETE plugins that you are not using. In my case, I'm building this blog post to record all the ones that I'll be using. Everything else needs to be deleted.
I upgraded WordPress (it asked me to do so!) and now I get this msg:  "Sorry, but you don’t have the administrative privileges needed to do this." That was a disaster! I searched the internet and found this solution. 
Go into Themes (under wp-content) to your theme. Within that you'll find 'core' then under /functions you'll find  the functions_library.php file. 
Open the file for editing.
You will see 
function checkauthority(){
if (!current_user_can('edit_themes'))
wp_die('Sorry, but you dont have the administrative privileges needed to do this.');
Replace it with
function checkauthority(){
if (!current_user_can('edit_themes'))
This worked for me. I find this whole WordPress thing such a mess, but one has to learn to live with it.
In the wp-config.php, change define(’DB_CHARSET’, ‘utf8′) to define(’DB_CHARSET’, ‘utf-8′)
Open up ‘wp-config.php’ from the root directory of your WordPress installation.Add ‘//’ at the very beginning of these two lines:define(‘DB_CHARSET’, ‘utf8′);define(‘DB_COLLATE’, ”);So that section should now look like this://define(‘DB_CHARSET’, ‘utf8′);//define(‘DB_COLLATE’, ”);
I accidentally put the double // on a previous line. Be careful. This does work.
1) Remove everything from searchform.php
<form method="get" id="searchform" class="" action="<?php bloginfo('home'); ?>/">
<input type="text" value="<?php _e('Search',TDOMAIN);?>" name="s" id="s" onfocus="if (this.value == '<?php _e('Search',TDOMAIN);?>') {this.value = '';}" onblur="if (this.value == '') {this.value = '<?php _e('Search',TDOMAIN);?>';}" />
<input type="image" value="Go" src="<?php echo THEME_IMAGES;?>/search-btn.png" class="submit btn" />
2) Delete the stuff in red from I forget which php file.
 <div id="sidebar" role="complementary">
global $sidesearch;
<div id="sidesearch" class="fix">
<?php include (THEME_LIB . '/_searchform.php'); ?> 
<?php endif;?>
<div id="widgets">
<?php if(VPRO) include(THEME_LIB.'/_grandchildnav_pro.php');?>
<?php if(pagelines('the_sidebar', $post->ID) == 'secondary'):?>
<?php if ( !function_exists('dynamic_sidebar') || !dynamic_sidebar('Secondary Sidebar') ) : ?>
<?php _e('The secondary sidebar has been selected but doesn\'t have any widgets. Add some widgets to your secondary sidebar in the admin under appearance > widgets.',TDOMAIN);?>
<?php endif; ?>
<?php elseif(pagelines('the_sidebar', $post->ID) == 'short'):?>
<?php if ( !function_exists('dynamic_sidebar') || !dynamic_sidebar('Short Sidebar') ) : ?>
<?php _e('The short sidebar has been selected but doesn\'t have any widgets. Add some widgets to your short sidebar in the admin under appearance > widgets.',TDOMAIN);?>
<?php endif; ?>
<?php else:?>
<?php if ( !function_exists('dynamic_sidebar') || !dynamic_sidebar() ) : ?>
<?php if(!pagelines('sidebar_no_default')) include(THEME_LIB.'/_defaultsidebar.php');?>
<?php endif; ?>
<?php endif;?>
Continue Reading

Backing up a WordPress blog – THREE THINGS

WordPress blogs are particularly finicky. A small change in php disrupts the entire system. Backups are absolutely critical. [Complete Word file]


  • WordPress Core Installation
  • WordPress Plugins
  • WordPress Themes
  • Images and Files
  • Javascripts, PHP scripts, and other code files
  • Additional Files and Static Web Pages




WordPress Files

a)Wordpress export:

Regularly export the XML file containing the blog posts. This file is NOT backed up automatically.

b) Automatic backup to Amazon S3:

ALL MAIN BLOGS are backup up using WP S3 backups (S3 backup widget: Automatic backup doesn't work) to Amazon S3 [up to 5 GB is free]. Cloudberry gives regular access. To that is attached a free Amazon website. Here is the post that describes it.

Limitations: Amazon backup doesn’t work well. Amazon backup showed 24 March but the data was restored only till 21 January. I don't know what's going wrong. Clearly the S3 Backup plugin is NOT working. That is a serious problem.

WordPress database

Periodically take a backup of the datbase using phpMyAdmin

Root files

There is NO system available to backup root files. You need to use FTP regularly. The good thing is that the root files don't change much. Second, you can restore them in desperate condition by deleting the WordPress installation and then reinstalling a fresh version.



A) Export function on wordpress contains all posts, pages, and comments.

B) I'm not sure if it contains the images.

C) It definitely does not contain various widgets or other settings of the blog






Continue Reading

My widgets – text widgets only

I always thought WordPress Widgets are backed up when you back up your theme or database. That is not true, you have to back them up separately by opening a .txt file. Copy all the titles and content from your widgets inside it and the WordPress Widgets backup is ready. [Source]

Widget sets are saved as custom post type objects, thus they can be transferred from blog to blog using the standard WordPress import/export tools. However, individual widget settings (such as the text in your Text widget) are stored by WordPress core as options. As of WordPress 3.0, these DO NOT get transferred using the standard import/export tools. [Source]

There doesn't seem to be any way to store widgets. Hence this is where I'll store copies of the code for the widgets:

capitalism image

<center><a href = ""><img src ="" width = 220><hr>Breaking Free of Nehru</a></center>




<table align="left" border="0" cellpadding="0" cellspacing="1" style="width: 100%; "> 



<td style="width: 230px; "> 

<i>Why TEN times better? <a href = ""><b>To find out why, click here.</b></a></i>


<td style="text-align: left; vertical-align: top; "> 

<a href = ""><img src = "" height = 60></a>










जहाठकी सरकार हो वà¥à¤¯à¤¾à¤ªà¤¾à¤°à¥€<br>

वहां की जनता हो भिखारी</h2>

(<i>Translation</i>: When a government becomes a businessman, its subjects become beggars.)


<b>शà¥à¤°à¥à¤†à¤¤ तो करो! बदलेगा भारत!</b> कृपया <a href = "">फà¥à¤°à¥€à¤¡à¤® टीम औफ़ इंडिया</a> में शामिल हों|



<form action="" method=get


  <INPUT TYPE="text" MAXLENGTH="280" SIZE="25" NAME="q"><INPUT TYPE="submit" ACTION="" VALUE="Google Search" METHOD="get"

  ACTION="" METHOD=get><INPUT TYPE="checkbox" CHECKED NAME="sitesearch" VALUE="">sabhlokcity only </form>



<form action="" method="post" target="popupwindow" onsubmit="'', 'popupwindow', 'scrollbars=yes,width=550,height=520');return true"><input type="text" style="width:170px" name="email"/><input type="hidden" value="SanjeevSabhloksBlog" name="uri"/><input type="hidden" name="loc" value="en_US"/><input type="submit" value="By email" /></form>

<br><a href=""><img src=";fg=FF0000&amp;anim=0" height="26" style="border:0" alt="" /></a> | <a href = "">Comments RSS</a> | <a href = "">Direct feed</a>


<div id='networkedblogs_nwidget_container' style='height:70px;padding-top:10px;'><div id='networkedblogs_nwidget_above'></div><div id='networkedblogs_nwidget_widget' style="border:1px solid #D1D7DF;background-color:#F5F6F9;margin:0px auto;"><div id="networkedblogs_nwidget_logo" style="padding:1px;margin:0px;background-color:#edeff4;text-align:center;height:21px;"><a href="" target="_blank" title="NetworkedBlogs"><img style="border: none;" src="" title="NetworkedBlogs"/></a></div><div id="networkedblogs_nwidget_body" style="text-align: center;"></div><div id="networkedblogs_nwidget_follow" style="padding:5px;"><a style="display:block;line-height:100%;width:90px;margin:0px auto;padding:4px 8px;text-align:center;background-color:#3b5998;border:1px solid #D9DFEA;border-bottom-color:#0e1f5b;border-right-color:#0e1f5b;color:#FFFFFF;font-family:'lucida grande',tahoma,verdana,arial,sans-serif;font-size:11px;text-decoration:none;" href="">Follow this blog</a></div></div><div id='networkedblogs_nwidget_below'></div></div><script type="text/javascript"><!–

if(typeof(networkedblogs)=="undefined"){networkedblogs = {};networkedblogs.blogId=459795;networkedblogs.shortName="sabhlokcity";}

–></script><script src="" type="text/javascript"></script>



<!– Include the Google Friend Connect javascript library. –>

<script type="text/javascript" src=""></script>

<!– Define the div tag where the gadget will be inserted. –>

<div id="div-261504024861090441" style="width:276px;border:1px solid #cccccc;"></div>

<!– Render the gadget into a div. –>

<script type="text/javascript">

var skin = {};

skin['BORDER_COLOR'] = '#cccccc';

skin['ENDCAP_BG_COLOR'] = '#e0ecff';

skin['ENDCAP_TEXT_COLOR'] = '#333333';

skin['ENDCAP_LINK_COLOR'] = '#0000cc';

skin['ALTERNATE_BG_COLOR'] = '#ffffff';

skin['CONTENT_BG_COLOR'] = '#ffffff';

skin['CONTENT_LINK_COLOR'] = '#0000cc';

skin['CONTENT_TEXT_COLOR'] = '#333333';



skin['CONTENT_HEADLINE_COLOR'] = '#333333';

skin['NUMBER_ROWS'] = '2';

google.friendconnect.container.setParentUrl('/' /* location of rpc_relay.html and canvas.html */);


 { id: 'div-261504024861090441',

   site: '05055981591603055949' },




<a href = "">Become a Facebook friend</a> | <a href = "">Boycott corrupt politicians</a> | <a href = "">Demand Freedom</a> | <a href = "">Rajaji</a>


<iframe allowtransparency="true" frameborder="0" scrolling="no" src=";width=280&amp;connections=8&amp;stream=false&amp;header=false&amp;height=280" style="border:none; overflow:hidden; width:280px; height:280px;"></iframe>



<script src=""></script>


new TWTR.Widget({

  version: 2,

  type: 'profile',

  rpp: 4,

  interval: 6000,

  width: 250,

  height: 300,

  theme: {

    shell: {

      background: '#aba6ab',

      color: '#052b61'


    tweets: {

      backgrou '#2b5f8c',

      color: '#faf2fa',

      links: '#ede07c'



  features: {

    scrollbar: false,

    loop: false,

    live: false,

    hashtags: true,

    timestamp: true,

    avatars: false,

    behavior: 'all'





FTI Logo and link to Freedom Partners

<center><a href = ""><img src ="" width = 150 height = 160></a>.


To reform India's governance, join the <h3><a href = "">Freedom Team of India</a></h3>


Now get the <a href = "">Tweets</a> of FTI</center>


<center><h3><a href = ""> Become a <b>Freedom Partner!</b></a></h3></center>


<iframe allowtransparency="true" frameborder="0" scrolling="no" src=";width=280&amp;connections=8&amp;stream=false&amp;header=false&amp;height=280" style="border:none; overflow:hidden; width:280px; height:280px;"></iframe>

ADSENSE WIDGET – get from other blogs/ else directly from adsense.


<center><a href = ""><img src = ""></a><br><i>Breaking Free of Nehru: Let's Unleash India!</i> (Anthem Press, 2008). 

<b>Now available as a <a href ="">FREE ebook</a></b> or <a href = "">buy online</a>.


<a href = ""><img src = ""></a>


Comment on the draft manuscript <a href = "">The Discovery of Freedom: Everyman’s guide to an ethical, prosperous society</a> available as a free Word document at the moment.</center>


<div style="width:280px;margin:auto;"><object style="margin:0px" width="280" height="250"><param name="movie" value=""/><param name="allowFullScreen" value="true"/><param name="allowScriptAccess" value="always"/><param name="flashVars" value="feedurl=user/sabhlok&widgettitle=My%20Presentations"/><embed src="" flashVars="feedurl=user/sabhlok&widgettitle=My%20Presentations" type="application/x-shockwave-flash" allowscriptaccess="always" allowfullscreen="true" width="280" height="250"></embed></object><br>My Slideshare presentations.


Create a free, prosperous, peaceful world

<center><a href = ""><img src = "×300.jpg" WIDTH=130></a><br> Become part of World 2.0 </center>


<center><a href = ""><img src = "" width = 127 height = 192></a><br><a href = "">Download: <i>Vedic Metaphysics</i>by Prem Sabhlok</a>



<center><a href = "">Technorati</a> | <a href = "">Indiblogger</a> | <a href = "">Networked Blogs</a> | <a href = "">Blogadda</a> | <a href = "">Blogs collection</a> | <a href = "">Top 75 Indian blogs</a> | <a href="">INDIA-BLOGGER</a> | <a href="" title="Bloggers – Meet Millions of Bloggers" rel="dofollow" ></a>


<a href=""><img src="" title="Economics" alt="Economics" border="0" /></a>


<a href="" title="Politics Blogs" target="_blank"><img style="border:none" src="" alt="Politics Blogs" /></a><br /><a target="_blank" href="" style="font-size:10px;">blog tools</span></a>



<a href=""><img src = "" width = 200></a><br>This blog is now on the Best Blogs of India.








<center><script type="text/javascript" src=""></script> 

<i>Indiblogger evaluates on a scale of 1-100, with top ranks in the range of 80-90. Several blogs may share the same rank.</i>


<A href=""><SCRIPT type='text/javascript' language='JavaScript' src=''></SCRIPT></A>

<br><a href = "">Review this blog on Alexa</a>






<div><div><a href="" ><img border="0" alt="Top Blogs" src=""/></a></div><div style="font:9px Tahoma, Verdana, Arial; color:#000; padding-left:6px;">Powered By <a href="" style="color:black; text-decoration:none">Invesp</a></div></div>



<div><div><a href="" ><img border="0" alt="Top Blogs" src=""/></a></div><div style="font:9px Tahoma, Verdana, Arial; color:#000; padding-left:6px;">Powered By <a href="" style="color:black; text-decoration:none">Invesp</a></div></div>








<iframe src='' width='170' height='75' frameborder='0' scrolling='no'></iframe><br>





Advaita – a worldview worth exploring


<center><a href = ""><img src = "" width = 150></a>


<a href = "">Swami Suddhananda and his approach to our shared humanity</a></center>



<script src="" type="text/javascript"></script>



    pid: 'sabhlok',

    width: 280,

    background: '#226685'



Continue Reading