How-to

Troubleshooting WordPress Website Errors Can Be Problematic | How to Fix WordPress Login Page Errors?

Posted on 02.15.22 | Jim Walker | Leave a Comment

Troubleshooting WordPress website errors can be problematic, even more so when you’re not able to log into WordPress

One of the most common issues I encounter with WordPress websites relates to the corruption of WordPress core files.

[ Key Takeaways
This article provides a guide in troubleshooting a common issue in WordPress websites, the corruption of core files. WordPress core files are the files in the main public directory such as wp-includes, wp-admin, and others. This article discusses two easy methods for repairing and recovering from WordPress errors. ]

WordPress core files are those files in your main public directory, e.g., the directories wp-includes, wp-admin, and other associated files.

If your WordPress login page is reporting an error like the one below, then it’s very likely that files within your WordPress installation has been corrupted.

Repairing WordPress core files can be as simple as replacing the WordPress core files with the latest version from the WordPress Repository.

How to replace WordPress core files?

There are a number of ways to replace WordPress core files. I’ll list the two most common methods I personally use below.

Using File Manager. If your web hosting company provides a file manager option, try the steps below to replace your WordPress core files:

Download the latest version of WordPress from the WordPress repository as a .zip file.
Create a directory, like “new” into any directory within your hosting account.
Using File Manager, upload the zip file, downloaded in step 1 above, into the “new” directory.
Extract the zip file. This will extract the WordPress core files into a new directory named “wordpress.”
Next, navigate into the “wordpress” directory and compress all of the files and directories into a new zip file, like “new.zip.”
Once you have the core WordPress files and directories ready as “new.zip,” move that “new.zip” file in your public directory space and extract it there.
This extraction of the “new.zip” files and directories will overwrite the existing WordPress core files and directories nicely.
Check your WordPress login page to verify all is back to normal.

Using the cPanel WordPress Toolkit. If your web hosting company provides the cPanel control panel with the latest WordPress Toolkit option, then replacing the core WordPress files and directories requires just a few clicks.

How to replace WordPress core files with WordPress toolkit?

Log into your cPanel and click the WordPress Toolkit, then click the “Scan” button on the WordPress Toolkit options page.
Once the scan has completed and your WordPress installation is displayed, look for and click the words “Check WordPress Integrity” near the bottom of the page.
There you’ll find the “Reinstall WordPress Core” button. Click this link to complete a re-installation of your core WordPress files.
Then check your WordPress login page to verify all is back to normal.

If you need help with any of the recommendations above, please feel free to ask me and I’ll help set this up for you today.

How to Delete Invisible WordPress Admin Users

Posted on 05.28.16 | Jim Walker | 8 Comments

Invisible WordPress admin users are sometimes left behind artifacts of a sloppy hacker or following the cleanup of a hacked website.

As of yet, there is no automated way to remove these invisible WordPress users. Some phpMyAdmin mojo is necessary to remove them. This article will cover how to remove those invisible user bits sometimes left behind in the database following a mySQL injection.

“phpMyAdmin may seem a bit intimidating at first. Think of it like a text editor for databases and you’ll be fine.”

The steps to removing invisible users in WordPress:

Be sure to use a backup plugin, like Updraft Plus or Backup Buddy, to make a database backup.
These backup plugins will not only help you generate a backup in seconds, they’ll likewise allow you to recover your prior database with just a few clicks of your mouse. So seriously, don’t freak out – “your website will not be wiped clean by editing a couple of database tables.”

Add a new Administrator (user)
This still isn’t fully necessary, but I find it helpful in the scheme of things. Maybe you are still using Admin as your username? If that’s the case, this would be a great opportunity to change that to something less guessable.

After creating your new user, log out, then log back in as the new Administrator.

Log into phpMyAdmin. Scary, huh?
I have to agree, phpMyAdmin is probably the most intimidating login screen you’ll encounter in your WordPress career.

You’ll find the username and password for your phpMyAdmin by viewing the text within your wp-config.php file:

Once logged in, find your database in the left column and click it once.
That will reveal a list of tables. We only care about two tables: wp_usermeta and wp_users

Let’s start with wp_users. Click that table link and you’ll see something like this:

What’s important here are the numbers in the User ID column. Note how one is 2 and the other is 101011. These are good users in our installation. Hint: “Remember this.”

Ok, the truly scary part. Sorry, you’ll have to trust me on this. We are going to do a database query to identify the invisible users. Click the SQL tab.

Next, copy/paste the text below into the box and click the “Go” button bottom right.

select * from wp_usermeta where meta_value LIKE '%administrator%';

This will do a quick search for all currently set administrator users.

And now to the callback. After our search in #5 above, notice the extra users Mr/Mrs. Sherlock?

WordPress Admin Users — *“Excellent!” I cried. “Elementary,” said he.” – Arthur Conan Doyle*

Now kill the other users. Clicky-clicky on the big red X next to each bad user until your enemy has been defeated.

If you are victorious in your quest, you’ll see something like this when you refresh your WordPress dashboard Users list:

Before:

After:

Done!

+++

For those of you who arrived here after searching for the term, “how to delete a WordPress website“

Deleting WordPress is usually pretty straightforward. Though, if your site is active, deleting your WordPress site will likely take your entire website down and all of your files with it. Proceed with care…

If you are not sure how to delete your WordPress website just click the chat link below and ask. I’m here to help.

Glad to have just saved you hours of research and potential re-hacking of your website.

Possibly Buy Jim a Cup of Coffee?

How do I verify my site with Google Webmaster Tools after clearing my website of malware?

Posted on 12.23.15 | Jim Walker | 3 Comments

After a website has been cleaned of malware, I’m often asked, “how do I verify my website within Google Webmaster Tools in order to clear my reputation within Google search?”

This article summarizes the process to both verify your website through Google Webmaster Tools (a.k.a. Google Search Console), and how to clear your reputation within Google search.

When a website is compromised, the first sign of trouble is often Google search. A hacked website can be quite an eye opener for a struggling business. And the process for submitting a review request can be somewhat confusing.

Let’s start with examples of “compromised website” listings within Google search:

Common Google compromised site definitions:

“This site may be hacked” may appear when Google believes a hacker may have changed some of the existing pages on a site or added new spam pages.

“This site may harm your computer” may appear when Google believes malicious software has been installed on a website. This malware may cause computers viewing the website to install unwanted programs to steal passwords and credit card numbers, change search results or worst.

What may result from your website being marked as compromised within Google search?

– Loss of business credibility.

– Folks who search for your business using Google search will likely not click through to your website.

– Prospective clients may never return to your site again, in fear they may be hacked themselves.

– If left compromised for too long, Google may delist your website from search.

– Other search engines, like Bing or McAfee SiteAdvisor, will likewise delist your website address in search within a matter of days following a Google search “This site may be hacked” warning.

Suffice it to say, being listed as compromised has a range of not so happy consequences.

Your first course of action is to get your website cleaned of malware and secured by a competent, well regarded professional.

Once the site is clear of malware, then, and only then should you submit a request to Google to clear your online reputation.

This 6-minute video summarizes the ownership verification process.

Start by clicking this link to register and verify your site in Google’s “Search Console”

How to clear your reputation in Google Search

See the picture at right for the location of each link to click

Once signed into the “Search Console“, click on the “Security Issues” section to see details of sample URLs that might be infected.

If you see the sentence, “Currently, we haven’t detected any security issues with your site’s content.” then we we are good there.

Next, click the “Search Traffic” section and choose “Manual Actions“. If you see the sentence, “No manual webspam actions found.” then all is well there as well.

These two sections, “Security Issues” and “Manual Actions” are the only two sections you need to review where malware is concerned.

One or both of these sections may require that you submit a statement to Google requesting they review your website for malware in order to clear your reputation in Google search.

This 6-minute video also nicely summarizes Google’s process for clearing one’s reputation in search:

Once you’ve submitted your “Request a review” to Google, it may take from 12 hours to 48 hours for Google to clear the “This site may be hacked” or “This site may harm your computer” message from search.

The Movie

How do I verify my site with Google Webmaster Tools | HackRepair.com

For HackRepair.com clients. We will clear all malware, submit the Google review request for you, and notify you once the site compromised messages are removed from Google search.

Once your website has been cleaned of malware and reputation cleared within Google search we recommend double-checking your reputation at URLVoid.

« Previous Page