Security
  • Announcements
  • Promotions
  • Products and Services
  • Company News
  • Meet the Team
  • Security
November 15 2020
Security

You've been downgraded to subscriber - when your WordPress website locks you out

PostedSunday November 15th 2020

The scenario – you can’t get to your dashboard.

You log in to your WordPress website as you normally do, but this time, something’s different – you’re redirected back to the front page of your website. Perhaps you then try to visit the /wp-admin/ page again, only to be once again greeted by the front page of your website. The WordPress toolbar is missing some links, and the Dashboard button has disappeared too!

You are now viewing your website in the eyes of a customer or visitor.

So, what causes this to happen?

The short answer to this is that your Admin account’s permissions have been malformed, overwritten, or removed in your WordPress database.

Without these permissions being set, a WordPress account has the same level of access as a commenter or customer – nothing much more than a client profile. This is better known as the Subscriber role. Whether your site has a store or not, this level of access is built-in to the WordPress core.

This phenomenon is a common result of your themes and plugins being outdated, corrupted, vulnerable to scripting attacks, unreliable or poorly coded. There are many ways that this database information can get manipulated without your knowing.

Reclaiming admin access to your website

Consider recovering a backup of your WordPress database to a time where this issue wasn’t present.

However, restoring a backup might be a risky move if you have eCommerce on your site, a mailing list, or any other recent updates to your site. Because the WordPress content management system is largely built and managed from the database, you are vulnerable to losing changes you’ve made and data that was created after your backup date.

If you’re using a VentraIP Australia web hosting service, you can rest assured knowing that backups will be available on your service as we take these for you automatically. We have a support centre article on how to use Acronis Cloud Backups to restore a database if you’re not familiar with this tool.

Otherwise, if you’re pretty savvy with databases you could attempt to repair the table entry yourself. We’ve said it before and will say it a million times again – take a backup before you do this!

You will first need to obtain the user_id value for the user account in question from the wp_users table. Then, find the corresponding entries that match the user_id from earlier.

Use a query or navigate to find the wp_capabilities entry that matches your user_id. You may notice here that the meta_value is blank, malformed, or incorrect. Even if this value looks correct, replace the meta_value with the following string:

a:1:{s:13:"administrator";b:1;}

If you’re not confident with your databases and no suitable backups are available, hire a professional WordPress developer. Although this phenomenon seems unusual, most good developers are very familiar with this problem.

Share this article
Who are VentraIP Australia?
VentraIP Australia is the largest privately owned web host and domain name registrar in Australia, backed by a team of industry veterans and local technical professionals.
View website