November 19, 2012    Tags: , , , , , , , , , , , , , , Articles Blog Platforms Blog Tech Tips How-To WordPress WordPress Plugins and Themes   

Can’t Access WP-Admin – blank white screen FIXED!

This weekend I encountered a particularly vexing problem that had me wondering if my site had been hacked.

When attempting to access /wp-admin/ in order to make some changes, I got a blank white screen with no content whatsoever. I viewed the source of the page and was confronted with some styles and JavaScript in the page’s header that seemed to be attempting to harvest credit card numbers.

Needless to say I was alarmed and almost panicked.

The script in question was the following:

The rest of the site seemed fine. The only evidence of a problem was an inability to access the admin.

I did some searching and discovered that the code in question came from the Avast Web Rep browser add-on, and that it was there to protect browsers from malicious code. After trolling message boards trying to find a fix, I came to the realization that the Avast add-on was not the issue. Something else was causing the Avast code to be the only thing that appeared, and it was a problem in either WordPress or one of my Plugins.

What followed was a desperate series of maneuvers designed to expose the issue, whatever it was.

  1. First, I checked “wp-config.php” and “wp-settings.php” to see if they contained anything suspicious, but both files seemed fine.
  2. Then I traced the WordPress loading process, checking each of the included files for changes or anything that looked malicious. Again, nothing obvious.
  3. Then I downloaded a backup from two days earlier and re-uploaded the entire “/wp-admin/” folder. No dice.
  4. I did the same with the “/wp-content/plugins” and “/wp-content/themes/” folders. Again no luck.
  5. Finally, I re-named the “/wp-content/plugins” folder to “/wp-content/unplugins” and went to “/wp-admin/” in a browser again. This time I got in, and was treated to a series of messages indicating that each of my plugins had been deactivated due to missing files.

After that, all I had to do was

  1. change the name of the plugins folder back to “/wp-content/plugins”,
  2. then activate the plugins one-by-one until the admin broke again,
  3. then delete the offending plugin, which luckily was nothing important.

Ta-da! Back in action.

Related Posts Plugin for WordPress, Blogger...
Darryl Erentzen