不再能够访问Wordpress管理面板
[英]No longer able to access Wordpress admin panel
问题描述
I am no longer able to access the admin panel of a Wordpress site. 
我不再能够访问Wordpress网站的管理面板。 2 days ago I added a plugin, loaded some new content, and things were working fine. 2天前,我添加了一个插件,加载了一些新内容,一切正常。 The client loaded some regular blog posts, and today, it no longer works. 客户加载了一些常规的博客文章,而今天,它不再起作用。
First of all, the error itself : 首先, 错误本身 :
I go to URL: mydomain.com/wp-admin , the browser redirects to: mydomain.com/wp-login.php?redirect_to=http%3A%2F%2Fmydomain.com%2Fwp-admin%2F&reauth=1 我转到URL: mydomain.com/wp-admin ,浏览器重定向到: mydomain.com/wp-login.php?redirect_to=http%3A%2F%2Fmydomain.com%2Fwp-admin%2F&reauth=1 redirect_to=http% mydomain.com/wp-login.php?redirect_to=http%3A%2F%2Fmydomain.com%2Fwp-admin%2F&reauth=1
The error message says: 错误消息显示:
Not Found
The requested URL /mother/18/readf.php was not found on this server.
Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
What I know so far: 我到目前为止所知道的:
- Nothing in .htaccess redirects to mother/18/readf.php .htaccess中的任何内容均不会重定向到mother / 18 / readf.php
- A search of similar errors gives a lot of results where urls within normal sites seem hijacked to sell antidepressants, viagra, etc. When I say normal sites I mean that there are sites that do logistics, https://www.google.com.ar/webhp?sourceid=chrome-instant&ion=1&espv=2&ie=UTF-8#q=mother/ /readf.php&safe=off&nfpr=1&start=10 https://www.google.com.ar/webhp?sourceid=chrome-instant&ion=1&espv=2&ie=UTF-8#q=mother/ /readf.php&safe=off&nfpr=1&start=10 对类似错误的搜索会产生很多结果,在这些情况下,正常站点中的URL似乎被劫持以出售抗抑郁药,伟哥等。当我说正常站点时,我的意思是说有些站点从事物流工作,即https://www.google.com。 ar / webhp?sourceid = chrome-instant&ion = 1&espv = 2&ie = UTF-8#q = mother / /readf.php&safe=off&nfpr=1&start=10 https://www.google.com.ar/webhp?sourceid=chrome- Instant&ion = 1&espv = 2&ie = UTF-8#q = mother / /readf.php&safe=off&nfpr=1&start=10
- Disabling all plugins doesn't help (I renamed the plugins folder and then tried to log into the admin). 禁用所有插件无济于事(我重命名了plugins文件夹,然后尝试登录到admin)。
- Searching the database for
readf.phpormotherdoesn't show anything obvious.在数据库中搜索readf.php或mother并没有发现任何明显的现象。 - The client claims to only have made changes to content since yesterday, when the site admin was still working. 该客户声称,自昨天(网站管理员仍在工作)以来,仅对内容进行过更改。 (Yes, claims... they have superadmin access, so this might not be true). (是的,声称...他们具有超级管理员访问权限,所以可能不正确)。
Has anyone come across this issue? 有人遇到过这个问题吗? Any ideas on what I can look for next? 关于我接下来可以寻找的任何想法?
1 个解决方案
解决方案1
6 2015-04-30 19:21:57
Sounds like you got hacked. 听起来您被黑了。 Time to fix it right the first time, or you will get hacked again. 是第一次修复它的时间了,否则您将再次被黑客入侵。 You need to replace all core WP files/folders (except wp-config.php and wp-content), but scan the uploads folder and theme for exploit code and modified files or added files, like readf.php . 您需要替换所有核心WP文件/文件夹(wp-config.php和wp-content除外),但是要扫描上载文件夹和主题以找到利用代码和修改过的文件或添加的文件,例如readf.php 。 Replace all plugins, too. 也更换所有插件。
Also scan the database for eval code and added administrators. 另外,在数据库中扫描eval代码并添加管理员。 (See "My Site was Hacked" below). (请参见下面的“我的网站被黑客入侵”)。
Change all host, FTP and WordPress passwords in the process. 在此过程中更改所有主机,FTP和WordPress密码。 Scan your own PC for malware that might have grabbed logins and passwords. 在您自己的PC上扫描,以查找可能抢夺了登录名和密码的恶意软件。
Tell your web host you got hacked; 告诉您的虚拟主机您被黑了; and consider changing to a more secure host. 并考虑更改为更安全的主机。
Carefully follow FAQ - My Site Was Hacked at WordPress.org. 认真遵循FAQ-我的网站在WordPress.org上被黑 。
Then take a look at the recommended security measures in Hardening WordPress and Brute Force Attacks at WordPress.org. 然后在WordPress.org上的“加强WordPress和蛮力攻击”中查看推荐的安全措施。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.