WordPress and the Dreaded “You do not have sufficient permissions to access this page.” Error

After cleaning a customer’s two WP instances after a PHP redirect hack, they asked me to obfuscate and harden their backup to decrease the likelihood that a second attempt would not be successful.

One task was to change the wordpress table prefix so that standard-named/dumb SQL injection attempts would not be successful. It was simple enough to get the parallel instance up and running, but after migrating their previous (and cleaned) table data, no one could login. No matter the access level, the login landing page would result in the dreaded error:

You do not have sufficient permissions to access this page.

Rather than start from zero, reinstall and configure all their plugins, reinstall and reconfigure their heavily customized theme, and most importantly, lose all of their users and post/page data, I needed to dig in and backtrack the issue.

The standard wordpress table namespace is “wp_“.

I picked some random names from popular culture to isolate their instance namespaces.

In order to migrate from one table namespace (standard OOTB “wp_“) to another (say, “foo_“), several foo_usermeta and foo_option values need to be updated to correctly reflect the target namespace.

The * in the following represents the new table namespace selected during setup.  The OOTB value will be wp_[value], which would need to be changed to foo_[value].

The following *_usermeta meta_key values need to be updated:

  • *_capabilities
  • *_user_level
  • *_dashboard_quick_press_last_post_id
  • *_capabilities

Keep in mind that *every* user will have these four meta_keys.  If you have hundreds of users, it would behoove you to write a quick SQL or PHP loop to iterate and update the values.

In addition, one must also change an option_name in the *_options table:

  • *_user_roles

I hope this saves someone out here some time, frustration and headache.