Site Hacked – Logins Were Deleted

  • We got hacked yesterday due to a compromise in the theme we were using. Once we had our hosting service restore access to our CPANEL, we were able to remove the offending user (the hacker created their own user for Word Press).

    However, it seems in this act they had deleted ours as well so we had created a new user by using phpMyAdmin. The user was created, however whenever we logged in it would say

    “You do not have sufficient permissions to access this page.”

    I could not find a privileges page in our phpMyAdmin (it says “no privileges” despite us being the root/admin to it).

    How can we regain access to our site? Is there a way to give ourselves the allowance to view our dashboard?

    Thanks

Viewing 4 replies - 1 through 4 (of 4 total)

  • Setting up a new WP account in phpmyadmin would be difficult, but you can change the password for an exisiting account in phpmyadmin Resetting Your Password ? WordPress Codex, no matter if it is one of the default “admin” accounts that WP always sets up, or an account under another login.

    Phpmyadmin says you don’t have privledges becuase you don’t have privledges to create a new database on the hosting server; it has nothing to do with WP accounts or privledges. The error you’re getting in WP when you login saying you don’t have privledges is either a result of the way you tried to set up an account for WP through phpmyadmin or a file permission problem.

    After you’re back in, I’d also replace all your WP files and also see How to Completely Clean a Hacked WordPress Install.

    Thread Starter misterzombie

    (@misterzombie)

    Could we in theory do a copy/backup of the files from our FTP, then do a new clean install of WP to gain a functioning admin account, and then import those files back in to save our content?

    Right now we aren’t even capable of reaching the dashboard.

    You can backup your theme and other files you’ve change via FTP, and export your database with phpmyadmin. Then do a clean install of WP and import your database. Then you can delete any other accounts that get imported with the database.

    But I think you’re going to want to grep the database dump – as about in the “Completely Clean” link – to clean out anything else the hacker left behind.

    Thread Starter misterzombie

    (@misterzombie)

    Thank you ?? We have fixed our site.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Site Hacked – Logins Were Deleted’ is closed to new replies.