WordPress is an open-source content management system and is highly used to create websites and blogs. We all are aware of the fact these days, that the more a service is famous the more its chances of being hacked. Hackers are always in search of hacking such services to avail its benefits for their profit. One such issue is faced by WordPress often. In such cases, many times WordPress admin of a site is not able to access their site. This means a hacker has hacked your website and has changed the old access to your WordPress admin. This allows the hacker to gain control over your website and make changes according to their profit.
Reasons why a WordPress Admin is hacked?
To resolve the issue of a WordPress Admin hack one needs to identify why the situation had occurred. This helps to reach the core reason for the problem. Let us have a look at some of the reasons why a WordPress admin can be hacked?
- A hacker has hacked into your website and changed the access to your WP privileges.
- Re-logging into the website multiple times can also give rise to such situations.
- Forgetting the changes custom login URL.
- Non-working of the ‘Recover Password’ option.
- Various petty issues such as:
- PHP error
- Errors faced while establishing a database connection
- HTTP 500 internal server
- White screen of death
Steps to Fix a WP-Admin Hack
- Reset Password through phpMyAdmin
WordPress allows one to log in multiple times in case of forgetting the password by default. This helps one to try the combination of different usernames and passwords until one can reach the right one. But if your website doesn’t allow you to do so then one might be locked out of their website. If one is not able to reset their password with the help of the ‘Forget Password’ option then one can do so with the help of a web hosting account. Creating a new user account can help one to regain access to their website. Following the steps mentioned below are helpful for this purpose:
- Log into your web hosting account to access cPanel.
- Select phpMyAdmin under the Databases section.
- The next step includes selecting your website’s database.
- From the multiple tables in your databases select wp_users to edit it. This helps to reset usernames and passwords.
- In the Value field enter the password of your choice and save the changes.
- Now access your WordPress login page with new login credentials.
- Restore Backup
Having a backup is always helpful in such situations. Therefore, one should have a backup of the original data to restore it and edit the malicious content. One should have a backup of their original data with the help of a plugin or through your web host. Restoring the backup helps to get rid of the recently occurred errors. Restoring the backup also helps one to access the WP admin page and log in without any difficulty. It is advised to perform a troubleshoot to find out the reason the problem occurred.
- Disable Plugins
At times these plugins are the reason we lose access to our WP admin. Hence, one should immediately disable these plugins to avoid further damage. This should be done manually by following the steps mentioned below:
- Select cPanel > File Manager in your hosting account
- Open public_html, then select wp-contents folder
- Find the Plugins folder from it then rename it as Plugins_Disable
Then have a check whether you can access your wp-login page. If you can access the page then a plugin is causing a conflict issue on your site. The next step involves logging into the wp-admin account and then activating each plugin at a time. Reload the site to detect the problem-causing plugin.
- Scan the Website
The moment hackers gain control of your website they lock the website owner out. This helps them to snatch admin privileges from you and put all the malicious content according to their preference. This also allows them to run malicious content according to their time and ruin one’s website reputation. Therefore, in such situations, one needs to scan their website for malware immediately. If one doesn’t have access to the wp-admin page then one needs to follow the steps mentioned below:
- If you have a malware scanner pre-installed like MalCare on your website, then they provide you with an independent dashboard to run a remote scan without logging into WordPress.
- Use an external online scanner for malware scanning.
- Check out if Google has flagged you as a malicious website on Google Safe Browsing.
- Have a check at the Security tab in your Google Analytics account.
After following these steps even if you find malware on your site then one needs to scan the website. Running a malware scan manually is not advised as much as it won’t be much effective. Therefore, it is necessary to take technical help for a complete solution and gain the WP-access back.
- Re-upload wp-login.php
If you are unable to login to your WordPress login page then it might have happened due to the deletion of the wp-login.php file. The file might also have moved to another location. One can fix the problem by re-uploading the file.
- Generate a new .htaccess file
.htaccess file is one of the most sensitive files of your WordPress website. An issue in this file can also let you lose access to your WordPress admin panel. Deleting the old file and generating a new .htaccess file helps one to get rid of the issue.
- Disable your Themes
Just like plugins, themes can also be the reason for login your access to the WP-admin page. To get rid of the issue one needs to simply disable the themes. If the theme was the issue then disabling it will immediately resolve the problem.
- Check File Permissions
For better safety WordPress has file permissions for different levels of access to different users. You can change the access to read, write, and execute files on the website. For a detailed guideline, you can also refer to WordPress recommended File Permissions.
- Reinstall WordPress
After following all the mentioned steps still, you are unable to gain access to the WP-admin page then you can try reinstalling WordPress. This helps to identify the corrupted core WordPress files. Reinstalling WordPress isn’t a cakewalk. It involves re-installing the core files as well. But you can do that hassle-free with professional help.
- Increase your PHP Memory Limit
Every website is granted a limited PHP memory. If this limit is exceeded then it might cause errors. Therefore, increasing the PHP can help one resolve the issue.
- Troubleshoot Individual Error WordPress Messages
You might notice various WordPress error messages instead of the login page. There might be messages such as:
- Error establishing a database connection
- HTTP 500 Internal Server
- White screen of death
- Parse errors
- PHP errors
Troubleshooting such errors help one to resolve the issue and get back to the login page.
The following steps are helpful for the one to regain their WordPress admin page back. The steps are also helpful to ruin the damage done by the hackers to the website. This improves to regain the reputation of the business and get it back on the progressive track.