
Safely backup and migrate a hacked and infected WordPress site

@XinRu657

Posted in: #Hacking #Migration #Security #Wordpress

I have an old WordPress site that was on really bad shared hosting and has been hacked into smithereens. It's been compromised by multiple (different) people, as far as I can tell. It's pretty bad! The site is functioning well enough right now for me to get in and do things, so I'd like to move it to a different server if possible.

However, since I know it has backdoors and all sorts of trouble in it, I'm not sure how to move it over.

Obviously I'm going to do a fresh WP install, but is there a way to move the data (blog posts, comments, etc) over without a risk of also transferring a backdoor or some other trouble?

For example, do I need to worry about the MySQL databases themselves being compromised? Or if I manually move them would they be ok?

I am thinking the safest thing to do would be to do a WordPress "export" and then import the XML file to the new freshly-built site along with .png, .jpg and .gif files. I'm assuming images are relatively safe. XML also seems pretty safe, but even so, it's a lot of code to scroll through, and I'm not sure if I would recognize a backdoor embedded inside it if there was one. Could it somehow have PHP embedded in a post's text that would then be activated on the clean site?


2 Comments


@Barnes591

> For example, do I need to worry about the MySQL databases themselves being compromised? Or if I manually move them would they be ok?


Yes, you absolutely have to worry about the MySQL being compromised along with just about everything else.

The best thing to do here is move as little as humanly possible to preserve the content. Plugins, themes, etc should be left behind and reinstalled/rebuilt on the clean site. Assuming that there is a reasonable amount of it and you can have the site up in the browser without getting infected by something nasty, I would consider simply copy-pasting the site content from the front end of the old site into the new instance. I've done this for up to 100-150 pages/posts and it doesn't take that long.

If there is too much content to easily copy-paste or you can't have the site in a browser due to malware being present, then I would dump the wp-posts and wp-postsmeta tables either via the WordPress exporter plugin or straight to a mysql dump file. In either case, you will need to open the export file in a text editor and comb through it looking for code injection in the content (obfuscated javascript, encoded PHP, etc) and remove ALL of that before importing to the new instance.

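The review of the export file described in the answer above can be triaged with a script before reading it by hand. This is an added example, not part of the original thread: a Python sketch that lists which posts and meta fields in a WordPress export (WXR) file match a few heuristic patterns. The rule list, the names `RULES` and `scan_export`, and the sample export are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Heuristic rules (assumed for this example, not exhaustive).
RULES = {
    "php-tag": re.compile(r"<\?(php|=)", re.I),
    "script-or-frame": re.compile(r"<\s*(script|iframe|object|embed)\b", re.I),
    "inline-event-handler": re.compile(r"<[^>]+\son\w+\s*=", re.I),
    "js-obfuscation": re.compile(
        r"\b(eval|unescape|atob)\s*\(|String\.fromCharCode|document\.write", re.I),
    "php-decode-call": re.compile(r"\b(base64_decode|gzinflate|str_rot13)\s*\(", re.I),
    "long-encoded-blob": re.compile(r"[A-Za-z0-9+/=]{200,}"),
    "hidden-element": re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I),
}

# Constructed sample export: one clean post, one with injected content.
SAMPLE = """<rss version="2.0"
  xmlns:content="http://purl.org/rss/1.0/modules/content/"
  xmlns:wp="http://wordpress.org/export/1.2/">
<channel>
<item><title>Clean post</title>
<content:encoded><![CDATA[<p>Hello <a href="https://example.com/">world</a></p>]]></content:encoded></item>
<item><title>Old news</title>
<content:encoded><![CDATA[<p>Text</p><script>eval(String.fromCharCode(97,108))</script>]]></content:encoded>
<wp:postmeta><wp:meta_key>_note</wp:meta_key>
<wp:meta_value><![CDATA[<?php echo 1; ?>]]></wp:meta_value></wp:postmeta></item>
</channel></rss>"""

def scan_export(xml_text):
    """Return sorted (post title, field, rule) findings for a WXR export."""
    # The export comes from a compromised site: refuse DTDs and entity
    # declarations instead of letting the XML parser expand them.
    if re.search(r"<!(DOCTYPE|ENTITY)", xml_text, re.I):
        raise ValueError("DTD or entity declaration in export; not parsing")
    findings = set()
    for item in ET.fromstring(xml_text).iter("item"):
        title = item.findtext("title", default="(untitled)")
        # Check every field of the item: content, excerpt, meta values, comments.
        for el in item.iter():
            field = el.tag.rsplit("}", 1)[-1]  # drop the XML namespace
            for name, rule in RULES.items():
                if rule.search(el.text or ""):
                    findings.add((title, field, name))
    return sorted(findings)

if __name__ == "__main__":
    for finding in scan_export(SAMPLE):
        print(finding)
```

A flagged field tells you where to look first in the text editor; an empty result only means none of these patterns matched, so the manual read-through still applies.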


 

@Fox8124981

Assuming you are a responsible host... why not roll back to a safe point?
