Locked Out After Installing WP Defender and WMPU DEV Dashboard

I'm locked out after installing Defender and Dashboard.

I added the dashboard and defender then updated the client's website. Once the site was updated I'm no longer allowed to log in. When I enter my login details it just kicks me to the homepage with a limited admin bar. After being logged in and then trying to go to the admin area I get a message; "Sorry, you are not allowed to access this page."

Since I cannot access the admin area all I can provide are my login details
wp-admin login
http://helenmitchell.org/wp-admin/
un: **********
pw: **********

Support FTP:
helenmitchell.org
XXX.XXX.XXX.XXX
un: **********
pw: **********

Moderator Note: Credentials removed for security purposes.

The client's hosting does not provide any access to the files or database through their control panel.

  • Rupok

    Hi Doug,

    We are so sorry for the inconvenience you are having. Thanks for sharing the credentials, but I'm afraid, this is not the best way of sending secure credentials because all our threads are public and anyone can see these credentials which is a security risk.

    However, I've already removed the credentials from your thread description.

    At this situation, the first troubleshooting step will be disabling the Defender plugin through FTP. I tried to login with FTP with your given credentials but those are not working. This is the status I get in my FTP application:

    Status:      	Connecting to XXX.XXX.XXX.XXX:XX...
    Error:        	Connection timed out after 20 seconds of inactivity
    Error:        	Could not connect to server
    Status:      	Waiting to retry...
    Status:      	Connecting to XXX.XXX.XXX.XXX:XX...
    Error:        	Connection timed out after 20 seconds of inactivity
    Error:        	Could not connect to server

    Can you please check if your server is working fine?

    If you can login fine with FTP, can you please go to your "/wp-content/plugins/" directory and rename the "wp-defender" directory and check if that helps you in getting access back to your site?

    Please let us know if this doesn't help. We will be glad to investigate further.

    Have a nice day. Cheers!
    Rupok

  • Doug

    I figured it out the problem. When WP Defender updates the database prefixes, it only does it for the tables. However, there are keys within rows of data inside those tables the are dependent upon the prefix change.

    However, WP Defender isn't changing those prefixes so that breaks the site. This should be looked at because unless the prefixes in the tables as well as the keys within those tables are changes, it will not allow anyone to login.

    As of now, those keys have to changed manually in phpmyadmin. Here is a good reference on how to do that in case anyone runs into the same problem.
    http://www.wpbeginner.com/wp-tutorials/how-to-change-the-wordpress-database-prefix-to-improve-security/

  • Rupok

    Hi Doug,

    Glad to see that you could make it work by yourself. Great job.

    Can you please provide one sample key data which is dependent on the table prefix? In my test site, database prefix change went fine without any issue. So I'm not sure if this is a generic database issue.

    I'll ping our developer after you send us details. If this is a generic issue, then we will definitely work on it to fix this.

    Have a nice day. Cheers!
    Rupok

  • Doug

    Here is everything I had to change within the database and they all appear to be standard tables as part of the WordPress core database.

    wp_options table int he option_name column
    wp_user_roles

    In wp_usermeta table in the meta_key column

    wp_user_level
    wp_dashboard_quick_press_last_post_id
    wp_user-settings
    wp_user-settings-time
    wp_capabilities
    wp_user_level
    wp_dashboard_quick_press_last_post_id
    wp_user-settings
    wp_user-settings-time
    wp_capabilities
    wp_user_level
    wp_capabilities
    wp_user_level
    wp_dashboard_quick_press_last_post_id
    wp_user-settings
    wp_user-settings-time

    All these along with all the table prefixes themselves but Defender seems to be replacing those with no issues.

    Let me know if this is what you are looking for. If you need anymore info just let me know.

  • Rupok

    Hi Doug,

    Thanks for sharing the details. This is really weird. All these keys should also be replaced by Defender automatically. But as that didn't happen for your case, I guess something stopped the process in middle. Could be memory being exhausted or something else, but we need to debug.

    Can you turn on debug mode in WordPress and then try to change your database prefix again with Defender? To enable it, open your wp-config.php file and look for define(‘WP_DEBUG’, false);. Change it to:

    define('WP_DEBUG', true);

    In order to enable the error logging to a file on the server you need to add yet one more similar line:

    define( 'WP_DEBUG_LOG', true );

    In this case the errors will be saved to a debug.log log file inside the /wp-content/directory.

    Depending on whether you want your errors to be only logged or also displayed on the screen you should also have this line there, immediately after the line mentioned above:

    define( 'WP_DEBUG_DISPLAY', false );

    The wp-config.php is located in your WordPress root directory. It’s the same file where the database configuration settings are. You will have to access it by FTP or SFTP in order to edit it.

    Past errors here. If file is very long, paste them to a text file and attach with your reply.

    Moreover, Can you send me message with your WP and cPanel access credentials through our secure contact form here: https://premium.wpmudev.org/contact/#i-have-a-different-question so we can investigate the issue further? And please confirm if this is okay to troubleshoot on your site. I'm asking this because I don't know if your site is a live site or not.

    Subject: "Attn: Rupok"
    - cPanel Username
    - cPanel Password
    - cPanel Login URL
    - WordPress admin Username
    - WordPress admin Password
    - Login URL
    - Link back to this thread for reference
    - Any other relevant URLs

    The subject line ensure that it gets assigned to me.

    I'm looking forward to hearing from you and resolving this issue as soon as possible.

    Have a nice day. Cheers!
    Rupok