Links not working since updating

No. Get rid of the old site. You have at least 1 database backup (hopefully more than one), so your old content is still safe. You may be able to restore the old site later.

1. Log into old site’s admin section.

2. Under Tools, choose Export > All content and click submit. You will be prompted to download an XML file.

3. Use FTP to download your wp-content / uploads directory from your old site.

4. Use FTP to upload your wp-content / uploads directory to your new site.

5. Log in to your new site.

6. Choose Tools > Import on the new site.

7. Install the WordPress import plugin as prompted.

8. Use the WordPress import plugin to add your old blog entries / users into your new site.

9. Go to Plugins in your new site and add back in the plugins you were using.

10. Fix all settings to be as they should.

That should have you about 90 percent to normal. Just run through and check your entries. Some linked media may be missing, some settings may need playing with, especially if you use plugins to manage custom post types (such as with a calendar or certain media galleries).

If you can’t access Tools > Export in Step 2, you can call the file directly with this:

https://yourdomain.com/wp-admin/export.php?content=all

where yourdomain.com is the domain name for your old site, of course.

Nooo! Please do not import ANY new content! There is a strong possibility that the database content is compromised by a recent hack. Please just stick to a straightforward install for now.

As a rule, WordPress hacks don’t affect underlying post / page / user data; they only affect template or plugin files used on a site.

My read on this, and the previously mentioned thread, is that the questioner has suffered a plugin or template hack.

It is theoretically possible that the underlying post and page data is affected. I would normally say that’s highly unlikely, but in reading the previous thread, it’s clear the questioner’s site was not very secure, so it is possible someone gained access to the site and injected malicious code into the posts or pages themselves.

To be clear: The average WordPress hack does not affect posts or pages. Using my method to restore is generally safe.

Since the questioner is no worse off for trying my solution than she was when she started, and could save herself significant grief if the underlying posts and pages aren’t infected, I say try my approach, then go through the posts and pages of the site to make sure they are clean, using one of the many security auditing plugins in the extend.

Esmi’s path is safest, but in my estimation is nuclear and almost certainly overkill.

Thank you Dougdotcom. I think it is a template hack. Perhaps even a plugin hack. I am distressed to hear my site wasn’t that secure. What does a body do to make it more secure? Well, we’ll cross that bridge when we get to it.

YW. Keep in mind, if you want to be 100 percent sure your site is clear and free, esmi’s approach is the way to go. I just suspect strongly mine will suffice.

Security in WordPress comes down to four basics:

1. Strong passwords and not using the default admin user name.
2. Proper file permissions. There are security plugins that will help you with that.
3. Keep everything updated: Themes, plugins and the core.
4. Don’t run plugins or themes from sources you don’t trust and that are not in active development / being maintained by competent people.

You missed a few:
5. Scan your own machines with updated AV & malware software
6. Only every use secure FTP connections

And if you check back you’ll see that the OP has problems after the old db is imported – hence my efforts to start off with a completely clean install initially. I’m one of a group of forum regulars who has been trying to help the OP across multiple topics since the hacks were discovered in multiple sites a week ago. So I’m fully aware of the background to this issue.

OK, I’ve downloaded the page and it’s on my desktop.
In cpanel, the main site is listed under public_html. That is a folder named Admin, then Content, then Includes and then a bunch of files.
In addition, I have 3 addon domains and several subdomains. These are in folders. Did I, at lest, get that right?

So, how do I do this without screwing up more? should I create a folder named ceconn.com and put the new wordpress in there and import the xml file in there? Then, when it is ready, delete the present one and move the new one in its place?

Does that sound doable?

I admit, the username was wishy-washy and that will be changed. File permissions were proper, I do keep things updated but how do I know what plugins are safe to download?

First step: Use FTP to download your wp-content/uploads folder from your current site. That will allow you to get all your uploaded media off your server for use.

Second: Go through they wp-content/uploads folder (and any subfolders in it) and make sure everything in there is a file you uploaded to your Web site. If there is any doubt as to whether a file is legit, delete it.

Third: Once you are certain of the integrity of your uploads folder, reinstall a fresh copy of WordPress that uses a new database and overwrites your current WordPress directory.

Fourth: Import the old posts, pages and users via the XML export file.

Fifth: Change the passwords for all users.

Sixth: Look at the site and make sure it is A-OK; go through several pages and posts. If you see problems or get sent to other Web sites or whatnot,your posts were hacked, use esmi’s fix.

Seventh: Install the plugins and theme you previously used, keeping in mind that one or more of them was the cause of your troubles. So, if you don’t need it, don’t install it. If you’re not certain it works properly and is safe, don’t install it. (It works properly and is safe if the extend directory says it is.)

Eighth: Install a security auditing plugin. I like this one:

https://www.ads-software.com/extend/plugins/bulletproof-security/

Do what it says.

Oh, between the fourth and fifth steps, above, add a step: FTP your wp-content/uploads folder back onto your site.

where does the xml file get uploaded to? Contents?

You login to your new install, then choose Tools > Import.

You will see a link there for WordPress import that will prompt you to download and install the WordPress Import plugin. Follow the instructions.

Then, you will be prompted by the Importer to select the XML file.

So you’re not using FTP for it. You just need to have it someplace where you can find it when the importer asks for it.

Is there a direct link like the one you gave me for exporting?

Tell me why I’ve done all that backing up over the years? It seems I can’t upload the backed up database, anyway.