• prostreetonline

    (@prostreetonline)


    Hi, I have a website that was maliciously tampered with. Trying to break back into it, and I’ve tried several methods including:

    1. emergency.php script
    2. phpMyAdmin MD5 password change
    3. email reset
    4. FTP reset

    And every attempt does not work. Although the main user is admin, none of the above methods work. I’m afraid to copy / migrate the website and database to a new install, as that may copy over the issue?

    Please help!

Viewing 14 replies - 1 through 14 (of 14 total)
  • Moderator Steven Stern (sterndata)

    (@sterndata)

    Volunteer Forum Moderator

    First things first: replace all PHP files with known, clean copies by reinstalling WordPress and your plugins from files in the repository. Unless you have clean files, you can’t be sure what’s happening.

    Once you’ve done that, then the phpMyAdmin password reset should work.

    Thread Starter prostreetonline

    (@prostreetonline)

    Hi Steve, thanks for your reply. So I would download a fresh WordPress install, unpack and copy the files through file manager, correct? In what directory would I replace the PHP files? Or would I replace all of them? Will this change the website at all or the content on it?

    Moderator Steven Stern (sterndata)

    (@sterndata)

    Volunteer Forum Moderator

    Replace all of them. This has nothing to do with your content.

    Thread Starter prostreetonline

    (@prostreetonline)

    Thanks Steve, will try that

    Thread Starter prostreetonline

    (@prostreetonline)

    Okay, I have copied all the PHP files, but the reset script is still returning:

    That is not the correct administrator username.

    However, that is the only user in the user table??

    Moderator Steven Stern (sterndata)

    (@sterndata)

    Volunteer Forum Moderator

    Use the phpMyAdmin method.

    Thread Starter prostreetonline

    (@prostreetonline)

    It’s still not working. I’ve changed the password in phpMyAdmin. I’m on GoDaddy and there’s no MD5 option; does this matter?

    Moderator Steven Stern (sterndata)

    (@sterndata)

    Volunteer Forum Moderator

    Yes, that matters. The value you put in must be an MD5. However, there are websites you can use to MD5 hash a string. For example, https://www.md5hashgenerator.com/

    Thread Starter prostreetonline

    (@prostreetonline)

    Okay, I’m getting somewhere now. I logged in, but when I try to go to wp-admin I get:

    Sorry, you are not allowed to access this page.

    Should I copy a new wp-login or wp-admin page?

    Moderator Steven Stern (sterndata)

    (@sterndata)

    Volunteer Forum Moderator

    Delete any cookies you may have associated with the site or log in from a private/incognito browsing session.

    However, if the site is compromised, there are things you need to do before logging in.

    Remain calm and carefully follow this guide. When you’re done, you may want to implement some (if not all) of the recommended security measures.

    If you’re unable to clean them, there are reputable organizations that can clean your sites for you. Sucuri and Wordfence are two.

    Thread Starter prostreetonline

    (@prostreetonline)

    Hi Steve, I have deleted the cookies but the error still persists. I have read that page a few times already, but in order to use Wordfence I need to get into the admin section. Should I copy in new WordPress files across the board? Which ones in question?

    Moderator Steven Stern (sterndata)

    (@sterndata)

    Volunteer Forum Moderator

    Should I copy in new WordPress files across the board? Which ones in question?

    All of them.

    Thread Starter prostreetonline

    (@prostreetonline)

    What would cause the access denied error? And by all of them do you mean just the PHP files?

    Moderator Steven Stern (sterndata)

    (@sterndata)

    Volunteer Forum Moderator

    1. Just the PHP files.

    2. Please follow the guide I linked above.

    3. Ask GoDaddy to verify that your file ownerships and permissions are correct.
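
The advice repeated in this thread is to replace every PHP file with a known clean copy. As an added example that is not part of the original thread, this Python sketch shows how to see which PHP files differ before overwriting them. It assumes the site has been downloaded to a local folder and a fresh WordPress package of the same version has been unpacked next to it; the function names and the sample trees are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def php_hashes(root):
    """Map each .php file's path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in root.rglob("*.php") if p.is_file()
    }

def compare_to_clean(site_root, clean_root, skip=("wp-content/",)):
    """Compare a site's PHP files against a clean reference tree.

    Returns (modified, unexpected, missing) as sorted lists of relative paths.
    Paths under `skip` are left out: plugins and themes need their own clean
    reference copies. wp-config.php is site-specific, so it is always listed
    as unexpected and has to be reviewed by hand.
    """
    site, clean = php_hashes(site_root), php_hashes(clean_root)
    site = {k: v for k, v in site.items() if not k.startswith(tuple(skip))}
    clean = {k: v for k, v in clean.items() if not k.startswith(tuple(skip))}
    modified = sorted(k for k in site if k in clean and site[k] != clean[k])
    unexpected = sorted(k for k in site if k not in clean)
    missing = sorted(k for k in clean if k not in site)
    return modified, unexpected, missing

def demo():
    """Build two small constructed trees and compare them."""
    with tempfile.TemporaryDirectory() as tmp:
        clean, site = Path(tmp, "clean"), Path(tmp, "site")
        files = {"wp-login.php": "<?php // login", "wp-includes/user.php": "<?php // user"}
        for base in (clean, site):
            for rel, body in files.items():
                (base / rel).parent.mkdir(parents=True, exist_ok=True)
                (base / rel).write_text(body)
        # Constructed tampering: one altered core file and one extra file.
        (site / "wp-includes/user.php").write_text("<?php // user, altered")
        (site / "wp-includes/extra.php").write_text("<?php // not in clean copy")
        (site / "wp-content/plugins").mkdir(parents=True)
        (site / "wp-content/plugins/p.php").write_text("<?php // plugin")
        return compare_to_clean(site, clean)

if __name__ == "__main__":
    for label, paths in zip(("modified", "unexpected", "missing"), demo()):
        print(label, paths)
```

Files listed as modified or unexpected are the ones to replace or review; the same comparison can be repeated for each plugin and theme folder against a fresh copy of that plugin or theme.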

  • The topic ‘Password Hack Attempts Fail’ is closed to new replies.