Hari ini nemu kasus aneh di wordpress https://bsk.telkomuniversity.ac.id
User administrator yang biasa tidak bisa mengakses wp-admin, padahal bisa login
Troubleshooting yang dilakukan:
- restore .htaccess ke default wordpress
- cek wp-config.php jika ada script yang aneh, semua normal
- rename folder plugin dan themes
- replace folder wordpress menggunakan wordpress terbaru
Tetap tidak bisa diakses.
Cek hak akses user di phpmyadmin sudah betul masih memiliki akses sebagai Administrator
Hanya bisa seperti ini, toolbar terdeteksi sudah login, namun tidak ada menu back-end
biasanya ini karena user tidak memiliki “role” apapun
Tapi di cek di wp_user dan wp_metauser semuanya normal, memiliki akses yang sebelumnya sebagai administrator
Akhirnya penasaran mencoba membandingkan dengan database wordpress lainnya, dan baru ketahuan ada data yang kosong di bagian wp_options pada tabel wp_user_roles dan karena identik, langsung saja copy paste isinya
a:5:{s:13:"administrator";a:2:{s:4:"name";s:13:"Administrator";s:12:"capabilities";a:102:{s:13:"switch_themes";b:1;s:11:"edit_themes";b:1;s:16:"activate_plugins";b:1;s:12:"edit_plugins";b:1;s:10:"edit_users";b:1;s:10:"edit_files";b:1;s:14:"manage_options";b:1;s:17:"moderate_comments";b:1;s:17:"manage_categories";b:1;s:12:"manage_links";b:1;s:12:"upload_files";b:1;s:6:"import";b:1;s:15:"unfiltered_html";b:1;s:10:"edit_posts";b:1;s:17:"edit_others_posts";b:1;s:20:"edit_published_posts";b:1;s:13:"publish_posts";b:1;s:10:"edit_pages";b:1;s:4:"read";b:1;s:8:"level_10";b:1;s:7:"level_9";b:1;s:7:"level_8";b:1;s:7:"level_7";b:1;s:7:"level_6";b:1;s:7:"level_5";b:1;s:7:"level_4";b:1;s:7:"level_3";b:1;s:7:"level_2";b:1;s:7:"level_1";b:1;s:7:"level_0";b:1;s:17:"edit_others_pages";b:1;s:20:"edit_published_pages";b:1;s:13:"publish_pages";b:1;s:12:"delete_pages";b:1;s:19:"delete_others_pages";b:1;s:22:"delete_published_pages";b:1;s:12:"delete_posts";b:1;s:19:"delete_others_posts";b:1;s:22:"delete_published_posts";b:1;s:20:"delete_private_posts";b:1;s:18:"edit_private_posts";b:1;s:18:"read_private_posts";b:1;s:20:"delete_private_pages";b:1;s:18:"edit_private_pages";b:1;s:18:"read_private_pages";b:1;s:12:"delete_users";b:1;s:12:"create_users";b:1;s:17:"unfiltered_upload";b:1;s:14:"edit_dashboard";b:1;s:14:"update_plugins";b:1;s:14:"delete_plugins";b:1;s:15:"install_plugins";b:1;s:13:"update_themes";b:1;s:14:"install_themes";b:1;s:11:"update_core";b:1;s:10:"list_users";b:1;s:12:"remove_users";b:1;s:13:"promote_users";b:1;s:18:"edit_theme_options";b:1;s:13:"delete_themes";b:1;s:6:"export";b:1;s:12:"wpsqt-manage";b:1;s:11:"edit_blocks";b:1;s:18:"edit_others_blocks";b:1;s:14:"publish_blocks";b:1;s:19:"read_private_blocks";b:1;s:11:"read_blocks";b:1;s:13:"delete_blocks";b:1;s:21:"delete_private_blocks";b:1;s:23:"delete_published_blocks";b:1;s:20:"delete_others_blocks";b:1;s:19:"edit_private_blocks";b:1;s:21:"edit_published_blocks";b:1;s:13:"create_blocks";b:1;s:22:"beehive_view_analytics";b:1;s:22:"manage_snapshots_items";b:1;s:29:"manage_snapshots_destinations";b:1;s:25:"manage_snapshots_settings";b:1;s:23:"manage_snapshots_import";b:1;s:11:"hustle_menu";b:1;s:18:"hustle_edit_module";b:1;s:13:"hustle_create";b:1;s:24:"hustle_edit_integrations";b:1;s:20:"hustle_access_emails";b:1;s:20:"hustle_edit_settings";b:1;s:34:"wpml_manage_translation_management";b:1;s:21:"wpml_manage_languages";b:1;s:41:"wpml_manage_theme_and_plugin_localization";b:1;s:19:"wpml_manage_support";b:1;s:36:"wpml_manage_woocommerce_multilingual";b:1;s:37:"wpml_operate_woocommerce_multilingual";b:1;s:29:"wpml_manage_media_translation";b:1;s:22:"wpml_manage_navigation";b:1;s:24:"wpml_manage_sticky_links";b:1;s:30:"wpml_manage_string_translation";b:1;s:33:"wpml_manage_translation_analytics";b:1;s:25:"wpml_manage_wp_menus_sync";b:1;s:32:"wpml_manage_taxonomy_translation";b:1;s:27:"wpml_manage_troubleshooting";b:1;s:31:"wpml_manage_translation_options";b:1;s:23:"beehive_manage_settings";b:1;s:16:"hustle_analytics";b:1;}}s:6:"editor";a:2:{s:4:"name";s:6:"Editor";s:12:"capabilities";a:47:{s:17:"moderate_comments";b:1;s:17:"manage_categories";b:1;s:12:"manage_links";b:1;s:12:"upload_files";b:1;s:15:"unfiltered_html";b:1;s:10:"edit_posts";b:1;s:17:"edit_others_posts";b:1;s:20:"edit_published_posts";b:1;s:13:"publish_posts";b:1;s:10:"edit_pages";b:1;s:4:"read";b:1;s:7:"level_7";b:1;s:7:"level_6";b:1;s:7:"level_5";b:1;s:7:"level_4";b:1;s:7:"level_3";b:1;s:7:"level_2";b:1;s:7:"level_1";b:1;s:7:"level_0";b:1;s:17:"edit_others_pages";b:1;s:20:"edit_published_pages";b:1;s:13:"publish_pages";b:1;s:12:"delete_pages";b:1;s:19:"delete_others_pages";b:1;s:22:"delete_published_pages";b:1;s:12:"delete_posts";b:1;s:19:"delete_others_posts";b:1;s:22:"delete_published_posts";b:1;s:20:"delete_private_posts";b:1;s:18:"edit_private_posts";b:1;s:18:"read_private_posts";b:1;s:20:"delete_private_pages";b:1;s:18:"edit_private_pages";b:1;s:18:"read_private_pages";b:1;s:14:"chained_manage";b:1;s:11:"edit_blocks";b:1;s:18:"edit_others_blocks";b:1;s:14:"publish_blocks";b:1;s:19:"read_private_blocks";b:1;s:11:"read_blocks";b:1;s:13:"delete_blocks";b:1;s:21:"delete_private_blocks";b:1;s:23:"delete_published_blocks";b:1;s:20:"delete_others_blocks";b:1;s:19:"edit_private_blocks";b:1;s:21:"edit_published_blocks";b:1;s:13:"create_blocks";b:1;}}s:6:"author";a:2:{s:4:"name";s:6:"Author";s:12:"capabilities";a:17:{s:12:"upload_files";b:1;s:10:"edit_posts";b:1;s:20:"edit_published_posts";b:1;s:13:"publish_posts";b:1;s:4:"read";b:1;s:7:"level_2";b:1;s:7:"level_1";b:1;s:7:"level_0";b:1;s:12:"delete_posts";b:1;s:22:"delete_published_posts";b:1;s:11:"edit_blocks";b:1;s:14:"publish_blocks";b:1;s:11:"read_blocks";b:1;s:13:"delete_blocks";b:1;s:23:"delete_published_blocks";b:1;s:21:"edit_published_blocks";b:1;s:13:"create_blocks";b:1;}}s:11:"contributor";a:2:{s:4:"name";s:11:"Contributor";s:12:"capabilities";a:6:{s:10:"edit_posts";b:1;s:4:"read";b:1;s:7:"level_1";b:1;s:7:"level_0";b:1;s:12:"delete_posts";b:1;s:11:"read_blocks";b:1;}}s:10:"subscriber";a:2:{s:4:"name";s:10:"Subscriber";s:12:"capabilities";a:2:{s:4:"read";b:1;s:7:"level_0";b:1;}}}
Lalu dicoba login kembali, Alhamdulillah langsung normal kembali
Semua menu back-end timbul kembali, dan langsung kelihatan bahwa web jarang di rawat, karena banyak banget yang harus di updates
Bisa jadi hilangnya isi tabel wp_user_roles karena ada aktivitas sql injection dari hole keamanan wp/plugin/themes yang tidak diupdate
Oleh karena itu wahai Operator Website, rajin-rajinlah nengokin website wordpressnya, lakukan update, scan malware, dan tambahin konten.