Advice rebuilding a new database after site got hacked

  • Resolved oldmankit

    (@oldmankit)


    11 years, 12 months ago

    My site got hacked a while back. I thought I had cleaned it up properly, but I fell victim again. I don’t know if it was a back door, or a new exploit, but the hacker managed to change not only my admin password but even the admin username (which I didn’t think was possible). I don’t know much about this, but I think this means my MySQL database has definitely been compromised. (I am the only user of this database; there are no other logins.)

    I did a completely fresh install of wordpress but noticed the admin password got reset again, without me doing anything, and so I assume the hacker still has his claws in.

    I thought that I was keeping good backups, but it turns out my most recent one failed somehow, and the last one I had was about a year ago. I know I am opening myself up to “told you so” by admitting that. However I don’t even know for sure that this was an uncompromised database backup.

    I think the most sensible way for me to go forwards is to rebuild a brand new database from scratch and then reinstall wordpress again. I only have 43 posts and about 20 pages, so copying and pasting will not take too long. The only thing I don’t know how to make work will be comments. How will I keep all the comments? I think they are a valuable part of the site and I wouldn’t want to lose them.

    I have in the past used the “export” tool provided in the admin page -> tools, but that seems to backup the whole kit-n-caboodle. There is the resultant xml file that contains whole load of stuff I don’t understand- how am I to know that it is clean or not?

Viewing 5 replies - 1 through 5 (of 5 total)

  • All of the comments from WP are stored in the wp-comments table in the database.

    Could you not just export this table.. and the import it into your new WP installation?

    I believe the only column in the wp-comments table which would need to be adjusted is the comment_post_ID as it specifically references the post/page it relates to.

    So, you would have to go through each comment… get the post/page ID of the new site… edit it in the database table… and import into the new site.

    Probably a fairly laborious process… but could def be done with a limited amount of comments.

    I usually export only wp_posts table from productions sites to the mirror site when I need to perform some maintenance, related to broken links.

    Having said so, I think you can try to import only wp_posts and wp_comments tables from your backup database. You would get all your posts and comments back in a second.

    Hopefully, those tables aren’t affected by hackers.

    Thread Starter oldmankit

    (@oldmankit)

    Thank you Josh and bottleneck.

    So I have two options: one is to copy and paste post content, and then export/import wp-comments, and then manually adjust comment_post_ID. I have only 121 comments so this wouldn’t be too bad, but still would take quite some time.

    The other option is to export/import wp_posts and wp_comments together, which would save all the manual editing. However there is a small chance that even these tables are infected. I have had a brief look through it, and nothing looks suspicious, so they’re probably fine.

    The final option would be to just copy and paste page content for my 43 posts and lose the comments.

    I will play around and see what solution works out best. Thanks again. It’s really nice to know you’re not alone when you get hacked and that there are people willing to support you in the recovery process.

    Sure, you are welcome.

    Let us know.

    Thread Starter oldmankit

    (@oldmankit)

    I’ve gone the manual way – rebuilt all posts and pages via copy/paste, and decided to lose the comments.

    Comments feel like a very ‘current’ thing, and I don’t think it’s too much to lose old ones.

    From now on: better backups!

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Advice rebuilding a new database after site got hacked’ is closed to new replies.