y2asafemeds Posted September 23, 2024

I am trying to log in from https://y2ameds.com/wp-admin/

Not able to log in. Receiving this message.

Forbidden
You don't have permission to access this resource.

wolstech Posted September 23, 2024

All of your permissions are jacked up (files need to be 644, a bunch of things are 444 or even 044 which makes no sense), there's 2 suspicious PHP files in the docroot (ipdi5.php and xynz1.php), and your index.php has been replaced with malware.

You got hacked...very common for WP, and it only took like 2 days for it to happen. Delete the entire site and rebuild it.

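The two checks described in the post above (files whose mode is not 644, and PHP files in the docroot that a stock WordPress install does not ship), as an added shell example that is not part of the original thread. The function names, the allowlist variable and the sample docroot are assumptions made for illustration, and the sample files are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): audit a WordPress docroot.

# Top-level PHP files shipped by a stock WordPress install.
WP_ROOT_PHP="index.php wp-activate.php wp-blog-header.php wp-comments-post.php
wp-config.php wp-config-sample.php wp-cron.php wp-links-opml.php wp-load.php
wp-login.php wp-mail.php wp-settings.php wp-signup.php wp-trackback.php xmlrpc.php"

# Print every regular file under $1 whose mode is not exactly 644.
bad_modes() {
    find "$1" -type f ! -perm 644 -print | sort
}

# Print PHP files sitting directly in $1 that are not stock WordPress files.
unexpected_php() {
    for f in "$1"/*.php; do
        [ -f "$f" ] || continue
        name=${f##*/}
        case " $(echo $WP_ROOT_PHP) " in
            *" $name "*) ;;              # known core file name
            *) echo "$name" ;;           # not part of a stock install
        esac
    done
}

audit_docroot() {
    echo "== files not mode 644 =="
    bad_modes "$1"
    echo "== unexpected PHP in docroot =="
    unexpected_php "$1"
}

# Constructed sample docroot: two odd modes and two unexpected PHP files.
make_sample() {
    d=$(mktemp -d)
    mkdir "$d/wp-includes"
    : > "$d/index.php"; : > "$d/wp-login.php"; : > "$d/wp-includes/version.php"
    : > "$d/ipdi5.php"; : > "$d/xynz1.php"
    chmod 644 "$d/index.php" "$d/ipdi5.php" "$d/xynz1.php"
    chmod 444 "$d/wp-login.php"
    chmod 044 "$d/wp-includes/version.php"
    echo "$d"
}

# Run against a real docroot when a path is given as the first argument.
if [ -n "${1:-}" ]; then audit_docroot "$1"; fi
```

A name check like this does not detect a core file whose contents were replaced, such as the index.php mentioned above; WP-CLI's `wp core verify-checksums` compares core files against the published checksums.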
wolstech Posted September 23, 2024

I've added a deny from all to .htaccess to block the entire y2ameds.com site until you can clean it up. If this happens a second time, it's likely that one of the extensions or themes you used had a backdoor in it.

EDIT: Your logs are full of hacking attempts too. All that traffic from the 172.68.0.0/14 range of IPs are hackers attempting to get into your site. If you rebuild your site, I'd recommend you block that entire range.

Edited September 23, 2024 by wolstech

y2asafemeds Posted September 25, 2024

Thank you for guiding me. I will clean up my site and block the traffic from the IP address that you mentioned. I will rebuild the site again.

@wolstech But my account is again suspended. Kindly unsuspend it, so that I can do the steps that you have told me.

Thanks & Regards

wolstech Posted September 25, 2024

It would be best if we just reset the account to delete everything so you can start over. There's no way of knowing what the hackers did.

Do you want me to reset your account? If not, I'll delete the WP install and its content manually for you before I unsuspend it. Please let me know how you want to proceed.

y2asafemeds Posted September 26, 2024

Please reset the account. It is easier. I will try installing everything again. If the problem persists even after taking all the measures, then I will use another script.

Regards

wolstech Posted September 26, 2024

The account has been reset. Please look for an email to finish setting up a replacement account.

I would suggest blocking this IP range in .htaccess once you set the new account up before doing anything: 172.68.0.0/14

This range is where the attack came from.

y2asafemeds Posted September 26, 2024

Thanks for resetting the account. Also, I have blocked the IP address you have mentioned in Cloudflare's firewall.

I have recreated my account and installed WordPress. But now, I am not able to log in to the admin page of WordPress.

www.y2ameds.com/wp-admin

Receiving the following message.

Not Found
The requested URL was not found on this server.

Please look into it.

Regards

y2asafemeds Posted September 26, 2024

It's working now. Might be a delay in install. Thanks. Please don't do anything regarding that.

Regards

wolstech Posted September 26, 2024

A domain can take up to 2 hours to work properly after you finish resetting your account. 404 errors are normal during that time.

Please let us know if you need anything else.

y2asafemeds Posted September 28, 2024

My account is suspended again. I have blocked the IP address mentioned by you. I only tried to install and edit the site yesterday.

Seems like Helio Host is not for my theme or maybe some hackers are already into my theme through some back door. I installed the plugins and other things that were mentioned in the blog to reduce load.

Thanks for your time and efforts.

Regards

wolstech Posted September 28, 2024

It's high load again, and it's due to the software you're running. WordPress is notorious for high load, especially if certain plug-ins are installed (Wordfence, WooCommerce, and Elementor being the big three common offenders). WordPress is an issue often enough that it has its own page on our wiki: https://wiki.helionet.org/misc/wordpress. It's basically the number one cause of load suspensions.

For what you want to do, a VPS would be the best choice since removing extensions is not going to be a feasible solution. And it looks like you're using 2 of the 3 biggest offenders. VPS is a little bit more challenging to administer since it comes with SSH access to a command line instead of a UI (although we can install a control panel like Hestia if preferred), but it has no load limits.

If you want to try reducing your load, let me know and I can unsuspend you. You're not hacked this time, it's just the software was too heavy.