WordPress automatic login but no wp-admin access

1
votes

I was given a PHP project based on a WordPress site. The thing is, I can't access the wp-admin panel. I saw a lot of questions about that on StackOverflow, but I couldn't find an answer to mine.

Login to WordPress is done through wp-config.php with the MySQL settings (I can see it because when I put wrong credentials I cannot access to the project's internal pages). I was told I can access to the wp-admin panel by adding wp-admin to the URL. There is no wp-login.php file as it is an automatic login.

Actually when I put in my URL http://localhost:9999/html/pages/wp-admin (which is the location of my folder wp-admin), I just get the list of subfolders.

I connect well with an administrator account (in the database it is written wp_capabilities | a:1:{s:13:"administrator";b:1;}) however when I test with the current_user_can('administrator') function, I am not considered as admin. Can you help me by directing me to where to look?

1
phpwordpress
Try to "manually" update your WordPress. It seems that you could be lacking some core files/updates that makes you unable to acces the /wp-admin feature. wordfence.com/learn/… let me know if this works. I know that this is a local project, but I'm gonna give you the advice anyways. You should really hide the directory from be visible in the browser. This can be done in the .htaccess file by adding Options -Indexes to the file. Else this could be valuable information for hackers to try and locate vulnerable plug-ins etc.Martin
It did help thanks, the admin problem is solved thanks to that! Thing is the original project does not include an index.html in the wp-admin cause it's not use like that I guessninagath
Alright, I can put it as an answer for you to accept then. :)Martin
if you have ssh access you can use the wp cli tool works also for plugins and a lot of db related stuffalo Malbarez

1 Answers

0
votes

As per my comment to the original question, it could seem that you're missing some core files or functionality in your WordPress application. One way to solve this is to "manually" update your WordPress.

How to manually update WordPress: https://www.wordfence.com/learn/how-to-manually-upgrade-wordpress-themes-and-plugins/

I will also mention that it is generally a bad thing that your website directory is accessible through the browser display. The reason for this is that it will be easy for people with malicious intent to look for security breaches.

One way to prevent this is to edit your .htaccess file to include the following:

Options -Indexes