wp-admin directory forwarding to upgrade.php

Hi. I'm having a problem logging into the Wordpress control panel on a particular site (www.agncn.org). I am not a WordPress expert by any means, although I do have a decent amount of online experience (I'm a longtime Expression Engine user).

When I try to login to the control panel by visiting http://www.agncn.org/wp-admin/, I am automatically forwarded to http://www.agncn.org/wp-admin/upgrade.php?_wp_http_referer=%2Fwp-admin%2F. If I go to http://www.agncn.org/login.php, I get the login form, but when I try to login, I am forwarded to that same upgrade.php url.

I have tried renaming the plugins directory (thinking that perhaps there was a corrupt plugin causing the problem), but that didn't help. I also tried renaming the .htaccess file in the wp-admin directory, that but that didn't help either.

Any ideas on why something like this might be happening?

Thanks in advance for any help you can offer - I really appreciate it. I was also planning on asking you some WordPress security questions, but I noticed that you have a video series on WP security, so I'll probably consume that first.

Sincerely,

Frank Johnson

    Patrick

    Hey there @Frank

    Welcome to the forums, glad to have you aboard!

    Renaming the plugins folder is a tried-and-true method to deactivate all plugins when you suspect a conflict... don't forget to change it back to plugins though

    However, renaming the htaccess file can wreak havoc on your site as WordPress requires it for permalinks among other things.

    Speaking of which, have you modified the default htaccess file in any way? Added any redirection rules to it? Do you perhaps have any plugin/script running that has redirection rules for admin logins?

    Frank

    Hi Patrick. Thanks for the amazingly quick response! A couple of follow-ups:

    1. I changed the name of the plugins directory back once I saw that it wasn't working (and I would have renamed it back afterwards anyway).

    2. I renamed the htaccess file only temporarily - just to see if that would solve the issue.

    3. I had added a new htaccess file to the wp-admin directory a couple of weeks ago (there wasn't one in the wp-admin directory prior to this) - the site was being inundated with failed login attempts, so I wanted to lock the wp-admin file down to only my static IP and my client's static IP. Initially it worked, but then stopped working (that was one reason I was going to ask some questions about security).

    4. In trying to solve today's problem, though, I noticed that the htaccess file in the wp-admin directory had basically been replaced (overwritten) - it appears by a security plugin I am using called Secure Scan Pro. That explains why my attempt to lock down the wp-admin directory stopped working. I believe I may have recently tried to tighten the settings of Secure Scan Pro and perhaps that's the cause of the problem. Is it okay for me to upload a file with the contents of the htaccess file for you to look at for me?

    Thanks again for the help!

    Frank

    Timothy Bowers

    Hey there.

    Could you also try renaming your current theme to something else, then trying to log in from /wp-login.php

    If there is no joy then can you please check the upgrade.php file is there:

    wp-admin/upgrade.php

    If it isn't then download and upload again. If it is then try to overwrite it w fresh copy.

    You may even need to reupload all the current WordPress files, except wp-config.php (check it looks fine), htaccess, and /wp-contents/

    Let me know how that goes.

    Take care.

    Frank

    Timothy. There is a file in the wp-admin which is named __upgrade.php (there might be only one underscore at the beginning) - I assume that's the upgrade.php file that's been renamed for some reason (perhaps by a plugin such as the security plugin?). I can rename it to upgrade.php and see what happens, but why would the wp-admin folder be forwarding me there in the first place?