Hacked? Retrieve Access to Your WordPress Backend
One day, you wake up and realize that your WordPress got hacked. Maybe the landing page shows a skull and mocks you, as you may have made a mistake allowing the hacker to access the page. Now, you have a real problem, because no matter what username and password combination you try, you just won't get back into your website's admin area. Stay calm; we have a solution to that as well. Of course, the trick that I'm about to show you will also work for forgotten access information. Whatever the problem may be, and for whatever reason, you don't have access to the admin account, it can be solved. If you don't have any website backups to restore, you need to fix the problem differently. However, if you have a good backup strategy, your website will be recovered with just a few clicks. If not, proceed as follows:
Setting Up New Access Information in phpMyAdminIn about 98 percent of all cases, a hacker will not want to, or be able to compromise all areas of a website or a server. Thus, you'll always have access to phpMyAdmin, including your database used by WordPress. If you don't have access to your server or web hosting package anymore, contact your hoster's support. In case you forgot, you're able to find the access information in the
wp-config.php.Use this access information to log into your phpMyAdmin interface. Then, choose the right database, if you happen to have multiple websites. Now create a manual backup of your database, allowing you to import it again later on if you happen to make a major mistake in the following work. [caption id="attachment_76944" align="alignnone" width="660"] First: Always create a backup.[/caption] Now, it's time to go to the bone. We will set up new access information in the database, so that you get your access back fast, and restore your website.
Placing New Access Information in the DatabaseClick the table
wp_userson the left. Please keep in mind that your table could also be named differently when using a database prefix other than
wp_. Maybe, the table will be called
myblog_usersinstead. It's also possible to get that information from the
wp-config.php. In the upper line, click the first menu item called "Display". Now, you'll see the user accounts and click on "edit" for one admin. [caption id="attachment_76945" align="alignnone" width="660"] The user accounts in the table wp_users. One click opens a larger view.[/caption] Next, place a working email address in the email field and save your data. Make sure that you have access to this email address, and that you can receive emails. [caption id="attachment_76946" align="alignnone" width="660"] Set a new email address and save it.[/caption]
Requesting a New PasswordAfter you placed a new email address, you can log out of phpMyAdmin and call up your website's admin area with the following URL:
http://your-website.com/wp-login.phpNow, use the WordPress function for forgotten passwords. Click on "forgot password" and enter the email you just placed in the newly opened window. WordPress automatically sends you a new password to the email address you entered in the database. From that point, you have regained full access to your website, allowing you to remove it from malicious code. After you're able to log in again, please choose a safe password with at least ten characters, letters, numbers, as well as upper, and lower case letters. A proper password will make it a lot harder for future hackers to invade your website.