Fixing the WordPress login issue

As I mentioned in yesterday’s post, I was having some big troubles with some of my blogs. There was a bug in WordPress version 2.6.1 that was allowing crafty hackers to create a user account in your blog and then, with a well-written piece of code, force a reset of the admin password.

Most people were able to get past the bug by simply upgrading to version 2.6.2. Unfortunately, a simple upgrade didn’t do the trick for me on all my blogs. On 3 of them, I was unable to complete the upgrade because I wasn’t able to log in to my admin section and perform the necessary upgrade. So I was caught in a catch-22. I needed to log in to my admin section to upgrade, and I needed to upgrade to log in to my admin section.

This morning, thanks to the suggestion of one very helpful WordPress savant, I was finally able to solve the problem for the remaining blogs. I figured I would share with you the steps I took in order to complete the upgrade.

1. Download a backup of all my WordPress files to my hard drive.
2. Use phpMyAdmin to make a backup of the current database.
3. Upload the new 2.6.2 WordPress files.
4. Using phpMyAdmin, open the options table and edit the “active_plugins” record.
     – Copy the list of active plugins and paste it into Notepad for reference.
     – Delete everything in the “value” portion of the active_plugins record and hit save.
5. Log in to your WordPress admin section.
6. Upgrade the WordPress database.
7. Log in to your WordPress admin section (if you were kicked back out like I was).
8. Upgrade and activate the proper plugins.

That’s it.

After everything I went through last night dealing with this bug, the solution ended up being pretty simple. 10 minutes from start to finish and I’m back to blogging rather than bug chasing.
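Step 4 can also be done from phpMyAdmin's SQL tab instead of editing the record by hand. The statements below are an added example, not part of the original procedure; they assume MySQL and the default `wp_` table prefix, and the backup table name `wp_active_plugins_backup` is made up for this example.

```sql
-- Assumption: default table prefix "wp_". If wp-config.php sets a different
-- $table_prefix, change wp_options accordingly.
-- Assumption: wp_active_plugins_backup is a hypothetical name for a scratch table.

-- 1. Keep a copy of the current plugin list (replaces the Notepad copy).
CREATE TABLE wp_active_plugins_backup AS
SELECT option_name, option_value, NOW() AS saved_at
FROM wp_options
WHERE option_name = 'active_plugins';

-- 2. Review what was active. The value is a PHP-serialized array of plugin
--    file paths; note any entry you do not recognise before reactivating.
SELECT option_value, saved_at
FROM wp_active_plugins_backup;

-- 3. Clear the list so WordPress loads no plugins on the next request.
UPDATE wp_options
SET option_value = ''
WHERE option_name = 'active_plugins';

-- 4. Confirm the record still exists and is now empty (value_length = 0).
SELECT option_name, LENGTH(option_value) AS value_length
FROM wp_options
WHERE option_name = 'active_plugins';

-- Rollback only: puts the saved list back exactly as it was, including any
-- plugin that caused the login loop. Normally reactivate plugins one at a
-- time from the admin screen (step 8) instead.
UPDATE wp_options o
JOIN wp_active_plugins_backup b ON b.option_name = o.option_name
SET o.option_value = b.option_value;

-- Remove the scratch table once the upgrade is finished.
DROP TABLE wp_active_plugins_backup;
```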


26 Responses to “Fixing the WordPress login issue”

  1. John, thanks for commenting on the post I wrote today about my ‘endless WordPress login loop’ with a link to this post of yours.

    I’ve fixed my issue which I don’t think is the same as yours, involving a WordPress security exploit according to DreamHost support.

    I’ve updated my post with details of the problem and how it was fixed.

    http://tinyurl.com/6credp

  2. Brett says:

    I have the same issue on a new install & I’m with you ’till step #5. Looks like step #7, login, which I can’t do, and which is the problem in the first place. As a new install, I’m also not upgrading the database. Any ideas?

  3. John says:

    @Neville Hobson Thank you for the update, too!

    @Brett hmmm, that’s interesting. Are you getting an error message, or is it simply just loading up the login page again? Does it say you have a problem with the username/password?

    Let me know, I’ll be glad to help.

  4. Matt says:

    Thank you. That worked perfectly for me.
    Now for that long long overdue site redesign…

  5. [...] I was a victim of a security hole in an older version of WordPress. I found a useful article by John Hawkins that details the issue. His solution was a little more involved than I wanted to get into, so I [...]

  6. John Pash says:

    I have the same problem and have read and tried many different fixes. None of them work. What I’ve found is that when you try to login, and are sent back to the login screen without a password, you are actually logged in. If I try going directly to an admin page (other than wp-admin/index.php) there is no problem. So it seems like there is a redirect problem. BTW, this installation is behind apache authentication and https, if that helps anyone.

  7. Thank you very much!! I can fix the same problem with your helpful information. Thank you very much again!

  8. Mike says:

    You are my hero. I deactivated all of the plugins but somehow some strange plugin that I wasn't even using was still in there with a .bak extension. Deleting that value fixed everything. That's pretty ridiculous. Thanks

  9. John Hawkins says:

    @David I'm glad I was able to help.

  10. John Hawkins says:

    @Mike I've read so many different variants on how the problem manifests itself to different people/sites. I don't know if it's due to a combo of which plugins you have installed or if it's something else entirely. All I know is, I'm glad I'm past it!

  11. Dan Pickett says:

    John, so helpful – I was freaking out – thanks!

  12. Thanks, John. This worked for me after having problems with the “Maintenance Mode” plugin. That plugin has gone to the trash for good!

  13. John Hawkins says:

    @Dan – Glad it helped! Thanks for stopping by!

  14. John Hawkins says:

    @Shane I've never used the Maintenance Mode plugin. I was interested in checking it out. Sounds like I don't need to waste my time. :)

  15. Andy Polaine says:

    I just renamed the plugins folder so that WP couldn't find any, logged in (it stops the login loop happening), upgraded, and re-named the plugins folder back to 'plugins'.

  16. antonio says:

    awesome… this fix worked for me. Thanks!

  17. John Hawkins says:

    Ahh, nice! That's another way of getting around it. Thanks for commenting.

  18. John Hawkins says:

    Good deal. Glad to help!

  19. Yep. Definitely the Maintenance Mode plugin. Just went through the same thing all over again with a different client site. Stay far far away from the Maintenance Mode plugin!!

  20. John Hawkins says:

    Ohh, that's good to know. Thanks. I was planning on trying that out in my next batch of plugins.

  21. Rick M says:

    This is excellent. Simple, straightforward, and worked perfectly. Thanks a lot!

  22. dvst8download says:

    Thank you, this fixed an endless login loop I was experiencing halfway through the 2.6.5 update. I would login, it would then redirect me to the upgrade.php page for a split-second, then loop me back to login. Your instructions to remove the active plugins was the fix. That allowed me to login and complete the database update, then manually re-activate plugins. Thanks again for posting!

  23. WTJ says:

    Thanks! That really helped!

  24. Lisa says:

    Wow what a pain that must have been! I was pretty lucky and none of my 5 blogs were affected by this issue. Boy oh boy would that have been a disaster. By the way what was the goal of the hackers anyways? To add malicious code?

  25. joe says:

    Just stumbled across this blog. Thanks John, I had this problem too and your fix worked and resolved the problem.
