Help restoring FUBAR WordPress site from backups after malware detected

  • hi all!

    i’ve tried all day to fix a client wordpress site that was infected with malware and hell’s broken loose; link here. go see for yourself. the photos are gone, code is all over the pages, etc.

    i have a backup of the site from long before the malware was detected, made by simply copying my home directory from FTP to my desktop. the website at this time looked fine, but the malware prevented me from logging into wordpress via wp-admin (i’d get a 500 internal server error), so i couldn’t do a complete backup. my database should still be intact through my hostgator cpanel, but i don’t know if the malware affects that, too.

    what i stupidly did in a fit of rage was simply delete the site’s entire malware-infected directory via FTP this afternoon, then copied my old backup folder back to FTP. now i could log into wordpress, and the pages and their text came through in the CMS, but when visiting the site, the pages just loaded blank, all white. i figured this was because of some discrepancy with the theme, which it was, so i re-downloaded the theme and reinstalled it. that got the pages loading, but in their present screwy manner. then i updated wordpress and a ton of plugins in a willy-nilly manner.

    i’ve been through a bunch of support docs and have been at this on and off for ten hours. i have like 45 tabs open and no idea what to do or how to properly start over. can anyone lend me a hand?

    thank you very much!

Viewing 2 replies - 1 through 2 (of 2 total)

  • Looking at what’s happening in FireBug, it looks like there’s a lot of uploaded files that are missing, so I’m hoping that you’ve got a very recent backup of the /wp-content/uploads/ folder available that you can restore with all of the image files in it.

    Apart from that there’s also 404 errors from your theme for misisng JavaScript and CSS files. As it’s a commercial theme, I’d recommend re-downloading it from the vendor and uploading a fresh copy. BUT… that does asusme that you haven’t gone and made any changes to the orginal theme (you did use a child theme, didn’t you?) If you look at the ‘Network’ activity in FireBug, or your chosen developer tools panel, you’ll see what files are missing and what will need to be restored if you would prefer to add them back in one-by-one.

    One thing to keep in mind is that simply restoring the files won’t fix whatever security hole let the hackers into the site in the first place. I’d recommend that you look through this page and apply as many of the suggestions as possible to try and secure the site a bit more than it was.

    Thread Starter aqhw

    (@aqhw)

    thank you so much!

    i already did re-DL from the vendor and upload a fresh copy this aft, but i’m not sure i installed it at the best time in this sequence.

    i don’t believe i used a child theme–not only has the site has been static and sitting around for at least a year, untouched, but i’m very novice at wordpress.

    i did install and ran sucuri earlier today, but i didn’t get through the whole hardening section of its settings.

    glad to not hear that all’s lost. i’ll get back at it in the morn and post back. thank you again!

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Help restoring FUBAR WordPress site from backups after malware detected’ is closed to new replies.