I thought I'd upgrade security on some of my sites last week.
I installed a plugin called "wp-security-scan", which made some sensible suggestions:
1. Change the table prefixes from "wp_" to something else (and update wp-config)
2. Rename the admin user
It the offered a button that said "rename now.."
So I did.
The plugin then reported that it couldn't update wp-config. So I did that manually.
*BANG* - The sound of the door slamming on the admin panel.
I couldn't log in "you do not have sufficient permissions to view this page"..
Looks like a file rights issue, right? Wrong. Nothing odd about the file rights or ownership (according to Jab Web Support).
So I set about rolling back the changes. Rather than use my database backup, I decided to find out exactly what that plugin had done..
So, I manually renamed all the tables back to "wp_"
till no login.
Looking inside the tables, though, I found that the plugin had renamed all FIELDS starting with "wp_" as well..
Things like "wp-user_roles". Fairly crucial.
Anyway, the solution was to browse wp-user and wp-user-meta for any fields starting with the new prefix, and rename them back to "wp_"..
Et voila. Access granted. :)
All would have been well, except that some IDIOT at Jab Web wrecked the DNS settings for the site, and it disappeared off the web. Thanks Guys!
Fortunately, I spotted the error, and corrected it. And fired off an email at Jab Web. No response even now...
No comments:
Post a Comment