Avatar of Tessando
TessandoFlag for United States of America asked on

Wordpress Login Just Refreshes Page - How Can I Login to Wordpress?

A client has a Wordpress site that I cannot login into the Dashboard (e.g. going to "https://SiteName_com/wp-admin"). The login page appears, with the Username and Password fields. When I paste in the login/password the entries disappear and the page refreshes.


There is nothing wrong or different with the site. In other words, the front-end Pages and Posts are showing as expected.


What is the best way to login to Wordpress?


I have a backup from July that I can roll back to as a last resort. Any ideas of how to just get in there and update it would be helpful. Thanks!

WordPress* Bitnami

Avatar of undefined
Last Comment
David Favor

8/22/2022 - Mon
Terry Woods

Sometimes behaviour like that can be an indication the site has been hacked. It gives the hacker extra time to use the site before they lose access.

A new backup of the site may be a good idea at this point, for reference. It can be done manually by exporting a copy of the database through phpmyadmin and making a .zip copy of the site files, then downloading it.

Depending on the importance of the site, you may want to make a development copy to diagnose the issue. I would probably start by checking the error logs in the hosting account and in the site folder, if they are present, in case they revealed any clues. It that didn't help, I think I would move out all the plugins (on the dev site, if one was needed) to a temporary folder, then try logging in again. Keep in mind you may lose track of which plugins were deactivated when this is done, which can sometimes be a problem, especially if you don't have a backup.

If still no luck, I would probably try replacing the WordPress core files with a fresh copy, and perhaps renaming the active theme folder if needed.

Keep in mind if the site was hacked, a single load of the infected files can potentially spread the infection, so a fresh copy of WordPress core files can become infected if you load the site with compromised theme files, for example.

Once you have access to the dashboard, installing the Wordfence plugin and running a scan could be helpful, in case there is malware in the site. Then restoring the various components of the site can help narrow down the issue.
ASKER CERTIFIED SOLUTION
David Favor

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
See how we're fighting big data
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
Paul Sauvé

sometimes you just have to clear the browser cache & flush the DNS cache

Clear cache and Flush DNS.pdf
ASKER
Tessando

You guys are awesome! Everyone has great suggestions. I took on David's advice and enabled logging.

For this particular issue, I got this line in the debug file:

PHP Notice:  Trying to get property of non-object in /opt/bitnami/apps/wordpress/htdocs/wp-content/themes/jupiter/framework/helpers/global.php on line 208

Open in new window


I did not set this up so it took a moment for me to figure out the Bitnami aspect of this. The line 208 of the global.php page is as follows:

    echo $post->ID; ?>" class="theme-page-wrapper <?php

Open in new window


This is now getting into Programming for a theme that I know nothing about.

I will look for a forum for the Jupiter Theme but in the meantime, do you suspect this could be resolved by replacing the core files? (e.g. the Famous Five-Minute installation)?

Thanks!
Experts Exchange has (a) saved my job multiple times, (b) saved me hours, days, and even weeks of work, and often (c) makes me look like a superhero! This place is MAGIC!
Walt Forbes
David Favor

A PHP Notice won't block a login.

A PHP Fatal will block a login.

So likely you have some other problem occurring.

Keep in mind the WordPress debug log will only contain info to the degree WordPress can actually run.

You might have to review your Apache error.log file for additional detail, where WordPress crashes before WordPress logging can take over from Apache.
Terry Woods

As long as the theme hasn't been customised, you shouldn't have to change it anyway. The Jupiter theme is well maintained; I work with it more than any other theme, as a web agency I work with uses it for most sites. It may need updating, but commonly a theme update (when not done for a long time) also requires plugin updates, a WordPress core update, and a php version update. It's not uncommon for some minor issues to occur in the front end that need fixing after such an update too.

However, as David says, the error relating to the theme may not be the issue.
Terry Woods

It's possible replacing the core files could fix the issue, but I'd expect it to be more likely to be something else causing the problem, unless the site has been hacked, in which case more than just the core files would need replacing anyway.
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
Alicia St Rose

I recall this happening several years ago, it turned out to be an issue with the hosting company server. They were on Blue Host.
ASKER
Tessando

While I have no evidence that the site was hacked, it was very loosely configured on LiteSail. Per David's suggestion, it took less time to rebuilt it in EC2 than it did messing around with a compromised system. Thanks for the support, y'all!
David Favor

As @Terry Woods suggested, no theme file should ever be changed.

Instead do this...

1) Run the plugins Theme Check + TAC against the plugin.

2) If the plugin fails due to security problems, like backdoors... deinstall it immediately... as this tells you what the developers... mindset toward you the customer...

3) If #1 passes or produces innocuous (ignorable) errors, then open a ticket with the developers to fix this.

The PHP Notice you're seeing should be fixed, as almost surely in some future version of PHP, this will become Fatal.

4) Me personally, I deinstall any theme or plugin with debug log spew (any emitted debug info)... because... competent developers do their dev with WP_DEBUG constantly enabled + fix any problem they see in their code, before they ever release their code into the wild.

Incompetent developers use the philosophy embraced by IBM when I worked there for a decade...

"If it compiles, ship it! Bug fixes are covered by support contracts."

To me... this is very bad ethics...
I started with Experts Exchange in 2004 and it's been a mainstay of my professional computing life since. It helped me launch a career as a programmer / Oracle data analyst
William Peck