找不到 wp-login.php 和 wp-admin 404 上的太多重定向

Question

am having issues with my wordpress website. I can't login in at all. When I try to goto wp-admin I get a 404 page not found error and it redirects to wp-login.php (wp-login.php?redirect_to=https%3A%2F%2Fmycrazywebsite.com%2Fwp-admin%2F&reauth=1)

When I goto just wp-login.php I get an error saying redirected you too many times.

I have tried the following:

Clearing my cookies - Did not work

I checked my siteurl and home in wp-options in my database - Both are correct.

Added the following code to wp-config.php:

define('WP_HOME' , 'https://mycrazywebsite.com'); define('WP_SITEURL' , 'https://mycrazywebsite.com');

Removed my .htaccess file

Added the following code to wp-config.php

if (strpos($_SERVER['HTTP_X_FORWARDED_PROTO'], 'https') !== false) $_SERVER['HTTPS']='on';

None of them worked...Please help I have been struggling with this for days? Would it effect my site if I replace my wp-admin with a fresh one?

PLEASE NOTE:

this website was effected by the temp.lowerbeforwarden.ml virus that is going around.

Answer 1

I would say that it isn't an issue with your Apache configurations since it all started after your site was affected by a virus.

• Create a copy of wp-config.php and download it.

• Go to wp-includes directory and look for a file called version.php . See the WordPress version that you have.

• Visit https://wordpress.org/download/releases/ and download the zip for that version.

• Delete everything except wp-content directory.

• Upload and extract.

• Rename wp-config-sample.php to wp-config.php . Define the DB Credentials and Authentication keys (remember, you saved the old copy of wp-config.php! copy-paste details wherever needed but don't upload the old one unless you are absolutely sure that there's no malicious code in it)

• Go to /wp-content/plugins directory and make a note of all the plugins installed. Delete all of them. Get all those plugins from WordPress repositories and upload the zip files and extract them.

• Go to your phpMyAdmin and run this query (your table name may vary, it should be wp_posts or maybe in this format wpXX_posts, just check that):

  select * from wpXX_posts where post_content like '%script%'

• Review the data in post_content for each row and remove any malicious javascript code. (Copy data from that cell, paste in a text editor, review, delete everything from that cell and put back the reviewed data)

  Examples (similar things to look for):

<script src='https://scripts.lowerbeforwarden.ml/src.js?n=ns1' type='text/javascript'></script> <script type='text/javascript'>window.location.href = "SOME_URL";</script>

Also, look for any Google Analytics or tracking scripts that you didn't add.

• Go to wp-contents > themes and delete all theme folders. Upload your theme's zip file and extract and put there.

• Everything should be working by now. One last step, log in to your WordPress dashboard, go to settings > permalinks and scroll down and click 'save changes'.

Answer 2

This error could occur when there is no storage space left on device where MySQL store data.

Wordpress is unable to save session data in database and redirects to login page with &reauth=1 .

Answer 3

Try this below steps:

1. Turn on debugging log in wp-config.php file.

2. Disable plugins one by one by rename plugin folder and check site working or not in /wp-content/plugins/ path.

3. Rename .htaccess, wp-config.php file & upload new .htaccess, wp-config file from freshly downloaded wordpress & update your db name, db user & db password in wp-config.php file.

4. Mostly virus affected websites injected with some anonymous files. So check any unknowing files available in public_folder.

5. Repair all your database tables in phpmyadmin by this syntax: "repair table "

Answer 4

You can try this

1. Try to debugging by disabling the plugins. It could be problem because of version mismatch.

2. Change old wp-config with new wp-config.

3. For virus attacking just check any anomalie files. it can only effect in root folder.