Can’t Log Into Wp-Admin

  • Hello guys. I was recently hacked. My hosting provider restored a version of WordPress from 09/24/17. I tried to log into wp-admin of this WordPress version of my site but even with the correct credentials (verified from CPanel database), WordPress tells me that the password is incorrect.

    I have not tried resetting or changing the password from the database from fear something will go wrong. I tried to click e-mail me anew password from the wp-admin page, but something is fishy. It sends my to my own website asking for my e-mail to send me the new password. Why would it through this directly from my site? I don’t feel safe putting my e-mail in what could potentially be my hacked website. The certificate was also removed from my site (I’m guessing by Google since it may not be a safe site).

    What do I do at this point? I want to log in so I can download a plugin to scan the 09/24/17 WordPress site and verify that it is clean, but it won’t let me log in. I scanned the back up of my most recent version of the site (which is no longer up on the web), and it was riddled with viruses. I discovered this after scanning with 5 different antivirus programs. I don’t think I can safely restore that version anymore.

    I am new at this and this is my first website, I am in over my head and have no one to speak to. Please don’t refer me to the same 5 WordPress articles that give me the most basic information to solve this problem. I’ve already tried the solutions and they aren’t much help. I need more help but don’t know where to get it.

    Thank you.

    The page I need help with: [log in to see the link]

Viewing 1 replies (of 1 total)

  • verified from CPanel database

    @neffero,

    It is not possible to see the actual admin password in the database. The password is stored in a manner that can only be de-crypted – the password value is not the actual password.

    I suggest you change the password using the method in those 5 links directly in the DB.

    Also, the site is currently returning a 500 error and is blacklisted. You can see that by scanning it at https://sitecheck.sucuri.net/

    Also, why is it assumed that the site was hacked after 9/24? It may have been long before that. It generally takes some time for a site to get blacklisted.

    I know those last few thoughts are not things you want to hear, but they are real.

    I suggest folks that cannot cleanup a site on their own to hire Sucuri. They are well recommended by many.

    Once the site is cleaned up and back online, you can contact the ones who have blacklisted your site to review it and remove the blacklisting.

    Please then always do follow best practices to keep your site clean.

    I also advise that you do a full security scan of all files and services on any local machine/device you have used to visit/log into the site in the past still in use.

    Many do not realize that the whole thing started when they downloaded some bad plugin or code. It infects their local machine, then the website.

Viewing 1 replies (of 1 total)
  • The topic ‘Can’t Log Into Wp-Admin’ is closed to new replies.