Kindly request your advice how to redo missing

Hi guys
hired a developer but he messed up me multisite installation, also added a hidden admin-user and deleted prefix 'www.' for main page access at network_admin level.

Kindly request your advice how to redo things

1) missing 'www.'
(network-superadmin site settings is blocked can't be modified)

2) delete hidden superadmin --- public_html/wp- ???

In advance thank you.
klaus

  • Vaughan

    Hi Klaus,

    Hope you're well?

    Multisite works best without the www anyway, but this could be done a number of ways.

    With regards to a hidden super-admin, the user should be in the DB, but could also have added code to create the user, not sure without looking deeper into that.

    Can you send your details using the following contact form (select I have a different question from the dropdown.)

    http://premium.wpudev.org/contact/

    Mark for attn: Vaughan
    Include a ref URL to this thread.

    Please include the following details;
    - Site login details (super-admin if multisite)
    - FTP login details in case I need to take a look at the theme/plugin files
    - CPanel/PHPMyadmin credentials in case I need to check the DB.

    Thanks

  • Klaus

    Hi Vaughan

    thank you for prompt response. Unfortunately I do net get permission from me manager to give you access at all (security policy).

    Do appreciate to be guided by you to solve this issue.

    1) regards 'www.' since removed all links are broken, redirect does not work
    So question is which file to modify to update settings to www. again?

    2) Check all user tables but no db's includes that additional superadmin, so code must been added. Files listed below where changed while developer had cpanel access.
    wp-signup.php
    wp-settings.php
    wp-login.php
    wp-load.php
    wp-comments-post.php
    wp-activate.php
    wp-mail.php
    xmlrpc.php

    Which one of them could include probably user code?
    How could this code look like?

    Thanks

  • Vaughan

    Hi,

    Ok, well i'm not 100% sure on the www as this could be done a number of ways.

    However, there could have been a URL rewrite code in your .htaccess file for this.

    With regards to the edited files, not sure why he would have changed those files, there shouldn't be any reason to edit any of the core files.

    It would most likely be quicker and easier, to download a copy of wordpress zip from here.

    https://wordpress.org/download/

    Then unzip this to your desktop.

    You will then see all the files in the wordpress folder.

    First delete the wp-content folder from the zip you just downloaded, you don't need that.

    Using FTP, upload all the files & the wp-admin & wp-includes folders to your sites root folder (where wp-config.php resides) making sure to overwrite the existing files.

    This will then replace all the wordpress core files with their original files, so any changes the previous developer made will be removed.

    Also, double check for any files in a folder called /wp-content/mu-plugins, as changes could have been made there too.

    Hope this helps

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.