How to clean and upgrade an old, hacked installation

  • Cosmo

    (@maachingmailcom)


    11 years, 8 months ago

    I’m running a WP site that has been hacked and where all PHP-files contain base64-encrypted code. It’s a very old version (2.9.2) and has some modified code, and I don’t think automatic upgrading worked last time I tried.

    I would like to make sure all infected files are gone, and then do a fresh install of the latest version, recreate the theme, and preferably keep all published content. How is it recommended that I do this?

    I’m not sure if the databases are compatible between 2.9.2 and 3.5.2, or if the infection could have put something in the database that I need to clean first. Would it be convenient to install the new version next to the old one first, or would there be a risk of the virus spreading then?

Viewing 1 replies (of 1 total)
  • Thread Starter Cosmo

    (@maachingmailcom)

    In case someone else comes here with the same question:

    After using some virus scanner plugins, it seemed like the database wasn’t infected, only the theme PHP files. I backed up everything (DB and files) in a few different ways & locations, then deleted all files on the server.
    In the new installation’s wp-config.php I used new random values for password salts and other new things, and copied the ones that hadn’t changed from the old version. After uploading the new installation to the server, WP asked me to let it upgrade the db, which it did successfully.
    I also had to reupload wp-content/uploads and change theme in the admin panel before it worked.

    It’s been really smooth, now I just need to recreate the theme.

Viewing 1 replies (of 1 total)
  • The topic ‘How to clean and upgrade an old, hacked installation’ is closed to new replies.