Beware of Naughty Plugins

I was working on my WordPress empire, and got a bit too careless with updating plugins. I tried out a host of new things for collaborative editing, multilingual WordPress, slideshows, backups, and so on.
And then: snap! The back end was inaccessible, even to me, the superadmin. I googled the error message, as you should always do, but to no avail. En passant I found a useful tip on the site of WPML: If you haven’t done yet, generate your Nonces and Salts in wp-config. (if you don’t know what I’m talking about, safely ignore until your site starts acting strangely, then pay a geek a lot of money to fix it 🙂

Anyway, in my case (a regular 3.5.1. multisite install) it was a plugin called “Portfolio slideshow” that caused a message like “you have no permission to view this page”. Just delete the plugin and things should work again.

If not, the malicious plugin might have changed that database, and if you’re mental like me, you don’t have a backup lying on the shelve, so you have to open phpmysql and edit your options table directly (look at table prefixes and user permissions)

Leave a Reply

Your email address will not be published. Required fields are marked *