1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Wordpress admin login not working at 000webhost.com

Discussion in '000webhost.com General Support Forum' started by Bad Karma[CORE], Apr 13, 2013.

  1. Bad Karma[CORE]

    Bad Karma[CORE] Erm... Staff Member

    Just realised that there seem to be issues with logging into the WordPress admin dashboard when hosting your blog at 000webhost.com. I have a test blog there for testing widgets and themes and was about to test a live chat plugin, so i went and tried to open my WP dashboard. Surprisingly the default 000webhost.com 404 error page was showing up which made me wonder as i did not make any changed to the blog recently. No changes to the .htaccess file either..

    Checking the 000webhost.com helpdesk blog i noticed that another volunteer support staff member had the same issue. He reported a newly setup blog not working either, same problem as mine. When logging into the WordPress dashboard -> 404 error page. So i installed a clean copy of WordPress to double check and right after setting up the default admin and password i was forwarded to the 404 error page instead of the dashboard login.

    I think it's got to do with some sort of protection that 000webhost.com put in place to stop the global bruteforce attack on WordPress sites that is currently going on. A botnet of ~90.000 (according to heise.de) computers is scanning the web for WordPress sites and tries to bruteforce the admin accounts to upload malware/trojans/whatever.
     
    #1
  2. Bad Karma[CORE]

    Bad Karma[CORE] Erm... Staff Member

    Confirmed. During the attack on WP sites 000webhost.com routed all incoming requests for the wp-login.php to their error page
     
  3. lobrc

    lobrc secret

    At least it's intentional and not a server problem like it usually is with them.
     
  4. Repo

    Repo Active Member

    There's a workaround, rename wp-login.php to wp-login2.php and change (line 671 for me)
    from
    PHP:

    Sorry you need to register or login to see this code !

    to
    PHP:

    Sorry you need to register or login to see this code !

     
  5. Bad Karma[CORE]

    Bad Karma[CORE] Erm... Staff Member

    That might log you into the dashboard but is not the only line of code referencing wp-login.php, for example the admin bar or password reminder use wp-login.php too. So you either have to change that code as well or simply wait until the attack is over and 000webhost.com does not redirect incoming requests for wp-login.php anymore.
     
  6. Repo

    Repo Active Member

    Yeah it's not perfect but it gets you into the admin panel if you really need to get in and can't wait; I should have said to revert back to how it was after the attack in the first instance.
     
    • Like Like x 1
  7. Bad Karma[CORE]

    Bad Karma[CORE] Erm... Staff Member

    If your live depends on being able to log into the admin panel then yes hehe.
    Other than that i probably would have simply protected the /wp-admin folder using .htaccess/.htpasswd.
    But then that's just for a single WP installation, from the point of view of a hosting company it makes more sense to block the access to wp-admin entirely. What's kind of disappointing is that 000webhost.com only put the announcement about WP logins not working for the duration of the attack in the control panel. They could have made it a bit more prominent by adding it to either their homepage or the login page to their member area.

    This would also have reduced the amount of tickets that were submitted regarding issues with the WP admin login :D
     
    • Creative Creative x 1
  8. Repo

    Repo Active Member

  9. Bad Karma[CORE]

    Bad Karma[CORE] Erm... Staff Member

    The admins considering an upgrade to PHP 5.3 is not really worth a new topic really. If a decision was made to upgrade, then yes, a new topic should have been made. But from what it sounds like the old servers (9-48) will not get an update at all as it will break the Site Reptile website builder. If new servers get added (which i don't see happening any time soon) they will have PHP 5.3 but maybe a different website builder.

    That there are a lot of things that could have been made more prominent or fixed over time....i know that. Dunno how many times i read tickets about those things and saw suggestions about what to change on the helpdesk blog. Did the admins bother to sort that out? No :)
     
  10. Repo

    Repo Active Member

    It is for someone like D3iti, a topic is easy to find compared to a post in a topic and might stop people posting about an upgrade (or atleast it would be easier to direct them to that topic - one started by someone with the word admin under the name)
    Admins must be happy with how things are, 000webhost makes enough money and is just part of how many other companies they run. Actually telling the truth about things like email limits on paid hosting is the same as free might hurt, so best to not change I suppose. Infact just updating a few things could be worse, a lawyer would argue that they were deliberately misleading by only updating what was good whereas now they can say "Oh yeah, sorry about that, we haven't updated anything since 2008 -we'll be right on it M'lord" :D
     
  11. Bad Karma[CORE]

    Bad Karma[CORE] Erm... Staff Member

    Haven't checked their forums lately, not much time for that really.
    It's not about telling email limits (which they will anyway as soon as you get your account suspended for mass mailing and you get the canned reply from Chanh) of free and paid accounts. It's the minor things, like typos on the website and some not so minor ones like the old "Yeah, with us you get cPanel hosting" page -> http://www.000webhost.com/free-cpanel-hosting or the "unrestricted PHP" story at http://www.000webhost.com/free-php-hosting. Soon enough users will find out that PHP by no means is unrestricted, same goes for MySQL.

    And erm...:
    Why "Repo" and not "ShocK"? :D
     
  12. Repo

    Repo Active Member

    Ha yeah, the canned replies from Chanh (has hosting24 heard of level 1/2/3 support?)
    I wondered when you'd check my IP hehe; I signed up here ages ago using the name ShocK, then I signed up again thinking I hadn't signed up before (one was with facebook I believe) and your? (this is your forum right?) IP checker caught me for multiple accounts - Couldn't sign up again until my IP changed, I'm with virginmedia.com and IP's don't change very often; I've only had 2 IP's in the last 18 months.
     
  13. Bad Karma[CORE]

    Bad Karma[CORE] Erm... Staff Member

    I checked your IP a while ago already and matched it against the ones at 000 hehe :)
     
    • Like Like x 2
  14. Bad Karma[CORE]

    Bad Karma[CORE] Erm... Staff Member

    Issue has been fixed, access to wp-login.php should now work fine again.
     
  15. Repo

    Repo Active Member

    Just need to fix their forum now :D
     
  16. Jen

    Jen Member

    Hi guys, sorry to start up this post again but 000webhost is blocking wp-admin access again. Do you know approx how long this lasted the first time round? I tried your fix but got a parse error. :( This sucks!
     
  17. Repo

    Repo Active Member

    How about wp-login? I think wp-admin has been blocked for a while now.
     
  18. Jen

    Jen Member

    I go to the url.com/wp-login.php and get sent to http://error404.000webhost.com/?

    I do your fix as per previously in this thread go to url.com/wp-login2.php and get the following php error...

    Parse error: syntax error, unexpected $end in /home/a8778284/public_html/wp-login2.php on line 746

    Contemplating attempting to move the wordpress installation... pain in the ass though as this website is only for a mate. :(
     
  19. Jen

    Jen Member

    Ok, I fixed the parse error... some random letter at the end of wp-login2.php...

    I get to the login page... put in the username & password and promptly get sent back to http://error404.000webhost.com/? again.

    Argh! :(
     
  20. Bad Karma[CORE]

    Bad Karma[CORE] Erm... Staff Member

    Likely to be an issue with the redirect.
    Can't really tell much without looking at the actual code changes you made. Can you please post them?
     

Share This Page