Fixing the WordPress login issue

September 10, 2008 · Filed Under mo30dc2008, wordpress · Comments 

As I mentioned in yesterday’s post, I was having some big troubles with some of my blogs. There was a bug in WordPress version 2.6.1 that was allowing crafty hackers to create a user account in your log and then with a well written piece of code, they could force a reset of the admin password.

Most people were able to get past the bug by simply upgrading to version 2.6.2. Unfortunately, a simple upgrade didn’t do the trick for me on all by blogs. on 3 of them, I was unable to complete the upgrade because I wasn’t able to log in to my admin section and perform the necessary upgrade. So I was caught in a catch 22. I needed to log in to my admin section to upgrade, and I needed to upgrade to log in to my admin section.

This morning, thanks to the suggestion of one very helpful WordPress savant, I was finally able to solve the problem for the remaining blogs. I figured I would share with you the steps I took in order to complete the upgrade.

1. Download a backup of all my wordpress files to my hard drive.
2. Use PHPMyAdmin to make a backup of the current database.
3. Upload the new 2.6.2 WordPress files.
4. Use PHPMyAdmin, Open the options table, edit the “active_plugins” record.
     - Copy the list of active plugins, paste in to a notebad for reference.
     - Delete everything in “value” portion of the active_plugins record and hit save.
5. Log in to your WordPress admin section.
6. Upgrade the WordPress the database.
7. Log in to your WordPress admin secton (if you were kicked back out like I was)
8. Upgrade and activate the proper plugins.

That’s it.

After everything I went through last night dealing with this bug, the solution ended up being pretty simple. 10 minutes from start to finish and I’m back to blogging rather than bug chasing.

If you enjoyed this post, make sure you subscribe to my RSS feed!

Tags: , ,

WordPress and the 2.6.2 mandatory upgrade

September 9, 2008 · Filed Under Ranting, mo30dc2008, wordpress · Comments 

Tonight was one of those frustrating evenings where you spend the entire time banging your head against your keyboard trying to figure something out that just doesn’t seem logical at all. It all started out pretty randomly, too.

This morning I realized that I wasn’t able to log in to the admin section of one of my blogs. I wasn’t getting an error message saying I had the wrong password, it was just returning to the login page. I told Jason about it and he says, “It sounds like you were hacked thanks to this security bug found in WP version 2.6.1.” So, of course I went and immediately upgraded the affected site. I then checked another of my sites. It, too, was affected. I upgraded it as well.

I got home around 5 after picking up my car from the dealership. (it had to have a little work done. blog post forthcoming.) We had dinner and then I headed upstairs to tackle the remaining upgrades. This is when the wheels fell off the cart.

I uploaded the new version of WordPress to the next site, modified a config file, updated a database table (all exactly as I had done this morning to the previous sites) but this time, the upgrade didn’t help. I still couldn’t get in. I tried a few more things with no luck. I did some searching online and found no real new information. It seemed like it was a pretty minor upgrade for everybody else and it’s only me that’s getting affected in this way after doing the upgrade. Just my luck. I can’t hit MegaBucks, but I can be the one in 4million who’s affected by some obscure bug.

Of the 13 blogs I manage, 10 of them upgraded smoothly. 3 are left in a state of limbo. The front end of the site works fine, so visitors will have no clue there’s an issue. I’m just unable to access the admin section. I’ve posted on the WordPress forum looking for help, so hopefully something will come of that pretty quickly.

Frustrated & beaten, I’m calling it a night. Hopefully the morning will bring better luck.

If you enjoyed this post, make sure you subscribe to my RSS feed!

Tags: ,