Holy Crap: Just Destroyed My Site & Brought It Back To Life

October 17, 2012

My hands are still weak from terror & my body is drenched in sweat!

I installed a security plugin called “Better WP Security” which almost gave me a heart attack.

Long story short – I was looking at wordpress plugins to scan my website for weaknesses & to patch them up.

I found this highly rated plugin mentioned above & installed. it. It does a variety of security scans & can automatically fix leaks for you.

ie: It can change your wordpress tables from default to a random name. It can ban troublesome bots & hackers. It can rename your default username from “admin” to something else. And a bunch of other stuff. (see here)

Anyways, I activated the plugin – backed up my wordpress database like it told me to, then let it run its magic. I let it change my wordpress default table name to something else. There was a big warning that popped up asking me if I was sure I wanted this done, I of course said yes! What could possibly go wrong??

All of a sudden, my site stopped working. I couldn’t log back into my dashboard.

At the same time, I have another plugin installed called “limit log in” which locks your ip out if you keep trying to log in to the dashboard with an incorrect password (a security measure against troublemakers). For some reason, that plugin locked me out of my own site & blocked my ip.


All my posts wouldn’t load. My site was dead & I couldn’t log in to make any changes. Everything said “error.” I was afraid of losing all my recent posts, messing up all my plugins, losing all the comments & stats.


Then I remembered I had used some program as a proxy long time ago – for when I’m out in public or to see videos that are location blocked. ie: If you’re in China, Netflix, Hulu & a few other American things will be blocked but you can use a proxy located in the US to log in.

What was the name of that damn program? Panic! I needed it to log into my own site from a different IP.

After searching a few terms into google, I found it again: Hotspot Shield. Quickly downloaded, installed & logged in to my wordpress dashboard. I could navigate here but all my posts were not loading. 404 errors.

But I was able to unlock the wordpress login lock that had blocked my IP mistakenly. Partial success.

However, the new plugin didn’t have a reverse option to make everything back to normal. That sucks.

Now I knew I had to do a database backup.

During all the heavy sweating, I remembered a post I had written on how to transfer your hosting from godaddy to bluehost.

I couldn’t go to that post but tried to remember my own steps so that I could manually log into bluehost, go to phpmyadmin, dump out the newly named wordpress tables & replace it with the one I had just backed up.

It’s funny how in a state of panic, even things you normally should know gets erased from the mind.

I used some positive affirmations & tried to calm down (ie: things always work out for me. this will work out for me. no need to stress. I can figure this out. Worst case, I have some backups made from before. I may only lose one or two of the most recent posts at worst. I can do this. etc).

Mental fog cleared. I had to look thru a bunch of different wordpress tables (I have a few sites hosted on same account) – then I finally located the right table. Dumped all the table data. Imported the backed up database like I had written in the transfer hosting article.

Now I tried logging in from my normal home IP – error. I tried hotspot shield again to use a different IP, still error.


Next step.

Only other thing I could think of was to FTP into my hosting account. I needed to manually search all the folders & files to see which ones were modified on 10/17/12 – assuming the security plugin had changed it and hoping I can figure out how to turn it back to normal.

I clicked on a few different folders & files – wasn’t really sure where to begin. I’m not a coder or even that technical when it comes to this kind of stuff.

Then I noticed that “wp-config.php” was modified on 10/17/12. Downloaded it, opened it as a text file, scrolled around – found the glitch!

Wp-config.php is a simply coded file so any layman can see what’s happening in there. That’s the genius of wordpress: simplicity.

In it, there’s a section called “database table prefix” and it was changed to random letters. I knew this was the same random letters picked by that new security plugin.

So I changed it back to what it was before. Save. Upload. Yes to overwrite.

Bang! I’m back.

I logged back into wordpress dashboard, everything looked normal. The new plugin had been reverted back to before it was run. Good sign.

I immediately deactivated it. Phew.

Now I opened up my site – looks normal. Opened up a few posts – all loaded!

Wow. How great is that.

Ok. So either everything above sounded like gibberish (because I did poorly in explaining or you are unfamiliar with this topic) — OR you know so much more & are smirking at the silliness of my mistakes.

The reason I’m posting this is because it taught me a few things:

1) If it ain’t broke, don’t fix it!

2) Always have a backup (#28).

3) Teaching others helps me learn better (ie: if I had not written that post on how to transfer from godaddy to bluehost, it’s possible I would not have remembered the database import procedure for myself, esp in a time of crisis).

4) Crisis clouds the mind, it’s good to have checklists or procedures handy (#32). I didn’t have a checklist but remembered the list I had made before.

5) Actively calm the mind in a crisis. Positive affirmations (ie: it always works out for me) can work to keep a cool head.

6) And I’m immediately writing this down to teach others so that I can better remember these lessons next time when I feel bored and try to fix things that are not broken!

Wow. I’m glad it all worked out.

I proved to myself that I can handle a tough crisis & come out of it ok – even if I’m drenched in sweat & my hands have the shakes!