Messed up my WP after Security Plug-ins

It appears I’ve screwed up my WP.

I was installation some security plug-ins advised and those plug-ins now stop me from accessing the admin menu. I tried to restore the SQL but this still did not fix it. I think the plug-ins must have hid the login URL for security measures. I know I should have known better, but I thought an SQL restoration would have solved it, which it has not. I’ve also deleted the plug-ins in the directory,which still did not do anything. Even though it’s my own site I still feel I need to solve this.

The installed plug-ins I installed were:

1. Plugin CHAP Secure Login
2. Plugin Login Lockdown
3. Plugin AskApache Password Protect
4. Plugin WP-DB-Backup
5. Plugin WP-Security-Scan

I don’t know if there is somewhere in the SQL database which allows me to see the URL for the admin. I think I’ve really done it this time!

It might be worth checking the permissions on the /wp-admin directory and checking the .htaccess file to see if there are any rewrites there preventing you from accessing /wp-admin in the normal fashion.

/wp-admin, /wp-content and /wp-includes are set to 755. I really want to debug this and get this fixed.

Well, if you can’t do anything at all…then remove the offending plugins, get to your admin account and log in, disable them all, and after that re-enable one by one to know who did the job!.

How to remove the plugins? Well, it is a bit drastic but this is as easy as using your FTP account and removed them from the wp-content\plugins folder.

By removing the plugin files, you don’t remove the plugin data in your db, though, so I’d clean up the database as well.

I’ve deleted the plug-ins in the WP plug-ins folder in the FTP, I’ve also replace the SQL database with a backup. Is there a way I can find the login page in SQL, maybe this would help. The problem is still not resolved after all this, so I am puzzled on what else to do, apart from creating a completely fresh WP installation.

So /wp-admin doesn’t redirect you to /wp-login.php?

I know AskApache PassPro messes with your .htaccess files. So it might be worth checking both the wordpress root folder and the /wp-admin folder and removing the AA PassPro sections from their .htaccess files.

Nope I get a 404 error. I too think the error is AskApache PassPro, I will work on it and see what I find.

Thanks for your advice. AskApache certainly did do something in the .htaccess file. I removed all the code it added but it did not fix it.

1. Replaced the wp-config files with older files
2. Replaced the SQL database
3. Replaced the .htaccess files
4. Deleted the security plug-ins

This situation reminds of when I use to set passwords which were too complex for anybody to remember, in the end I would end up forgetting the password.

There is one thing left to do, which I feel would be inevitable at this stage, and this is to completely replace WP installation and start from the beginning. I will eventually isolate the problem. I feel one of the plug-ins changed the location of the WP-admin and WP-login locations, to an undisclosed URL.

Edit: Found this post - http://wordpress.org/support/topic/askapache-password-protect-problem-1. Seams to be the offending plug-in. I will reset the plug-ins folder and see how it goes.

I’ve now managed to log in with this /wp-login.php?redirect_to=http%3A%2F%2Fwww.exampledomainname.com%2Fwp-admin%2F&reauth=1, but when you’re logged in you still can’t make edits as I get the 404 message. I’ve reset the plug-ins folder too, but still no hope.

I’ve since fix the issue. AskApache created a .htaccess file in the /wp-admin folder which cause the issue. Once deleting this it worked okay. Never using that plug-in again