Few days ago, we ran into an issue where a user’s site got hacked and their admin account was deleted from the database. This locked them out of their site without any other entry. We went in to the phpMyAdmin and created a new admin user to grant them access. In this article, we will show you a step by step guide on how to create an admin user in WordPress Database via MySQL.

Note: You should always make a backup of your database before performing any MySQL edits. This tutorial requires basic understanding of how phpMyAdmin works.

First, you need to login to phpMyAdmin and locate your WordPress database.

Once inside phpMyAdmin;

Once you are in, we will be making changes to the wp_users and wp_usermeta tables. Lets go ahead and click on wp_users table.

phpMyAdmin wp_users table

We need to insert our new admin user’s information, so click on the Insert tab like it shows in the image above. In the insert form, add the following:

ID – pick a number (in our example, we will use the number 4).
user_login – insert the username you want to use to access the WordPress Dashboard.
user_pass – add a password for this username. Make sure to select MD5 in the functions menu (Refer to the screenshot below).
user_nicename – put a nickname or something else that you would like to refer yourself as.
user_email – add the email you want to associate with this account.
user_url – this would be the url to your website.
user_registered – select the date/time for when this user is registered.
user_status – set this to 0.
display_name – put the name you like to display for this user on the site (it can be your user_nicename value as well).
Click on the Go Button

The post Adding an Admin User to the WordPress Database via MySQL appeared first on .

Posted May 7, 2015 by Samuel Sidler. Filed under Releases, Security.

The post WordPress 4.2.2 Security and Maintenance Release appeared first on .

This morning we reported on an XSS vulnerability in WordPress 4.2, 4.1.2, 4.1.1, and 3.9.3, which allows an attacker to compromise a site via its comments. The security team quickly patched the vulnerability and released 4.2.1 within hours of being notified.

WordPress’ official statement on the security issue:

The WordPress team was made aware of a XSS issue a few hours ago that we will release an update for shortly. It is a core issue, but the number of sites vulnerable is much smaller than you may think because the vast majority of WordPress-powered sites run Akismet, which blocks this attack. When the fix is tested and ready in the coming hours WordPress users will receive an auto-update and should be safe and protected even if they don’t use Akismet.

That auto-update is now being rolled out to sites where updates have not been disabled. If you are unsure of whether or not your site can perform automatic background updates, Gary Pendergast linked to the Background Update Tester plugin in the security release. This is a core-supported plugin that will check your site for background update compatibility and explain any issues.

Since Akismet is active on more than a million websites, the number of affected users that were not protected is much smaller than it might have been otherwise.

WordPress 4.2.1 is a critical security release for a widely publicized vulnerability that you do not want to ignore. Users are advised to update immediately. The background update may already have hit your site. If not, you can update manually by navigating to Dashboard → Updates.

The post WordPress 4.2.1 released new patch appeared first on .

WordPress Security Alert – WP Super cache

Security firm Sucuri revealed on their blog this week that they had uncovered a persistent cross-site scripting vulnerability in the popular WordPress plugin WP Super Cache. The effects of this vulnerability can be severe as an attacker can potentially insert malicious code into WordPress pages without your knowledge. Anyone who has experienced this type of attack due to a plugin security flaw knows how difficult and time consuming remediation can be.

Cypress North

WP Super Cache is deployed across all of the WordPress sites we host in our data center, and for good reason. The excellent plugin dramatically boosts the performance of WordPress sites while simultaneously reducing load on the web servers. The code for this plugin is mature and stable, rarely requiring updates. That’s part of the reason why it’s trusted by over 7 million websites. It’s popularity makes this security flaw a big concern for site owners.

Cypress North

The update process is quick and easy so you should take the time to log in and click the update now link as soon as you’re able. If you’re fortunate enough to maintain your sites under a multi-site install you’ll be able to take care of this issue in one shot. Otherwise, like us, you’re stuck logging into each installation and manually updating each site like we spent all yesterday doing.

According to the blog post by Marc-Alexandre Montpas:

Using this vulnerability, an attacker using a carefully crafted query could insert malicious scripts to the plugin’s cached file listing page. As this page requires a valid nonce in order to be displayed, a successful exploitation would require the site’s administrator to have a look at that particular section, manually.

The nonce requirement lowers the odds of the backdoor taking effect since the cached page gets purged periodically, but still, better safe than sorry. The scale of the vulnerable sites makes exploitation an inevitable event. Do your part to protect the web and get updating.

The post WordPress Security Alert appeared first on .

A serious vulnerability in the WP eCommerce Plugin was announced within the last 24 hours (321st Oct 2014) . A fix has been released and some hosting companies are already auto-upgrading customers to the newest version.

Upgrade to 3.8.14.4 of WP eCommerce immediately if you use this plugin. Please spread the word because with almost 3 million downloads this is a very popular plugin.

Details on our blog…

​

The post Web Security Issues appeared first on .