• Looking at “Live Traffic”, I see bots hitting xmlrpc.php repeatedly using my username. They’re all getting blocked –
    but I thought maybe it would be a good idea to create a new admin user and delete the one that’s known to the hackers.
    In doing so, my IP address got blocked immediately, and the recover link in the email brings a 404.

    Now what? Can I unblock the ip via PhpMyAdmin? What table is the list in?
    I don’t want to temporarily unblock all ip addresses – the site is under attack.

    I followed the directions here – and it led to an error 500, took the site down completely.

    I’m restoring it via server rewind and redoing the hack cleanup from 2mb-autocode autoinstalling via SQL injection. I’m searching the db via PhpMyAdmin for 2mb-autocode and deleting the instances.

    • This topic was modified 6 years, 3 months ago by jonburr. Reason: More complete info


Viewing 6 replies - 1 through 6 (of 6 total)
  • Hi @jonburr,

    You most likely still have the “auto_prepend_file” PHP directive in your “.htaccess”; it is added there when you optimize your Firewall.

    Try removing the whole section from “# Wordfence WAF” to “# END Wordfence WAF” in the site “.htaccess”.

    In order to forcefully regain access to your site, you renamed the Wordfence folder “wp-content/plugins/wordfence/”, but the PHP script specified in the “auto_prepend_file” directive (wordfence-waf.php) contains a reference to another PHP script located in that Wordfence folder.

    Then again it could also be that the “wordfence-waf.php” file was removed altogether.

    So now when your site is accessed the PHP script can’t be found; hence the error.

    P.S: Once you’ve got Wordfence up and running again, don’t forget to re-optimize the Firewall.

    • This reply was modified 6 years, 3 months ago by yndmgo. Reason: Additional info
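
The chain of references described in the reply above can be checked before renaming or removing anything. This is an added example, not part of the thread and not Wordfence's own code. It assumes the directive appears in `.htaccess` as `php_value auto_prepend_file`; `loader.php` and the sample site layout are constructed placeholders.

```python
import re
import tempfile
from pathlib import Path

# php_value auto_prepend_file '/abs/path/wordfence-waf.php'  (quotes optional)
PREPEND_RE = re.compile(r"""^\s*php_value\s+auto_prepend_file\s+['"]?([^'"\s]+)""", re.M)
# include/require with a literal path inside the prepended script
INCLUDE_RE = re.compile(r"""\b(?:include|require)(?:_once)?\s*\(?\s*['"]([^'"]+)['"]""")
# The section the reply says to remove, markers included
BLOCK_RE = re.compile(r"^# Wordfence WAF\n.*?^# END Wordfence WAF\n?", re.S | re.M)

def broken_references(htaccess: Path) -> list[str]:
    """List auto_prepend_file targets, and files they include, that do not exist."""
    problems = []
    for target in PREPEND_RE.findall(htaccess.read_text()):
        script = Path(target)
        if not script.is_file():
            problems.append(f"auto_prepend_file target missing: {script}")
            continue
        for inc in INCLUDE_RE.findall(script.read_text()):
            if not Path(inc).is_file():
                problems.append(f"{script.name} includes missing file: {inc}")
    return problems

def strip_waf_block(text: str) -> str:
    """Drop everything from '# Wordfence WAF' through '# END Wordfence WAF'."""
    return BLOCK_RE.sub("", text)

def build_sample_site(root: Path) -> Path:
    """Constructed layout; loader.php is a placeholder name, not Wordfence's real file."""
    plugin = root / "wp-content/plugins/wordfence"
    plugin.mkdir(parents=True)
    (plugin / "loader.php").write_text("<?php // placeholder\n")
    waf = root / "wordfence-waf.php"
    waf.write_text(f"<?php\ninclude_once '{plugin / 'loader.php'}';\n")
    htaccess = root / ".htaccess"
    htaccess.write_text(
        "# BEGIN WordPress\nRewriteEngine On\n# END WordPress\n"
        f"# Wordfence WAF\nphp_value auto_prepend_file '{waf}'\n# END Wordfence WAF\n"
    )
    return htaccess

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        ht = build_sample_site(Path(tmp))
        plugin = Path(tmp) / "wp-content/plugins/wordfence"
        plugin.rename(plugin.with_name("wordfence.off"))  # the lock-out workaround
        print(broken_references(ht))
        print(strip_waf_block(ht.read_text()))
```

Back up `.htaccess` before writing the stripped text to it on a real site.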
    Thread Starter jonburr

    (@jonburr)

    It’s a moot point now – but if that information had been in your article, it would have saved me a lot of time and stress.

    Meanwhile, I learned that I could have (temporarily) whitelisted my own IP. I think my error came from failing to save the new user in WP before logging in.

    I’m sure the people at Wordfence will see your comment and update their documentation. And at least, as you can see, there’s always another user willing to help.

    Thread Starter jonburr

    (@jonburr)

    Apologies, thought you were them…:)
    I’m sure another hapless user will stumble on this thread and come away wiser for it.

    Thread Starter jonburr

    (@jonburr)

    – and, another thing I learned, after successfully creating the fresh new user and deleting the one under attack… using the “block user name” feature turns em away and doesn’t trigger an alert. The inbox has settled down considerably.
    Wordfence is a great freaking tool.

    How do I get off this Merry Go Round? I posed a question regarding Wordfence and since then my inbox has been bloated beyond belief by responses to and questions about any topic. I have looked and unticked the “send me an email…” button but still my inbox is full. I am sorry so many people are having issues with Wordfence but I can live without knowing……

  • The topic ‘Locked out after creating new user’ is closed to new replies.