Database hacked

Howdy, jamali — I think we’ll need some more info on what exactly happened. What was compromised? What was left behind.

I’d start by making a backup of your database. Either use a tool such as phpMyAdmin (check your server’s control panel) to export your SQL file, or use a WP plugin that allows you to backup and download a copy of your SQL file.

If there’s just some, say, malicious code that was put in your database, you should be able to use a find&replace in a text editor to delete the bad code, then restore the database to overwrite all the bad stuff.

Of course, fixing what allowed the problem to exist in the first place is important too. I’d start by changing the database username and/or password (making sure to update wp-config.php to match).

I failed to update from 2.6 and have a couple of sites that have been compromised. My understanding is that “whatever” or “whoever” gets into the database and that updating to 2.9 is not enough to fix the problem. I found and read a tutorial that advised one to export the database and re-import it in such a way as to only import the posts.

I have since lost the link to the tutorial I think I need.

It could be that something was inserted into your database, but that’s not the only thing that could be wrong.

I’m not sure re-importing just the posts would be the best way to go, it really depends on how you’re using WordPress. If you have a lot of users, taxonomy, etc then you’d lose all that as well.

I found a site about cleaning up a hacked WP blog — it’s a bit old but has some general recommendations for cleaning up.

Basically you’ll want to examine the database, look through the theme files, look through wp-uploads. Backup and Upgrade!

Also note that it’s likely you were hacked due to a since-patched vulnerability in WordPress, but even fully updated sites can become compromised due to server vulnerabilities. I guess the advice there is to stay vigilant.