• Resolved EzySetup

    (@ezysetup)


    [ Moderator note: moved to How-to and Troubleshooting. ]

    My site was hacked. I have backups of both content and the database. However, my full backups, that is, the ones with the files as well as the SQL, contain malicious files. I only keep 6 weeks of full backups and apparently the hacker waited longer than 6 weeks before making use of the hacks and it was discovered. In short, I cannot trust the file content of the current site or backups. However, I do keep SQL for longer and I have un-hacked SQL.

    Yes, both I and my host have scanned for malicious content. I have changed all host passwords, .htaccess files, scanned my PC, followed all sorts of threads on hardening the site, etc., etc., etc. But still I don’t trust the file content.

    So I’m wondering if it would work for me to:

    • Delete ALL my files.
    • Reinstall WP, the themes, and Plugins from scratch
    • Upload all my media library files
    • Then restore the site’s contents by uploading the most recent un-hacked SQL I have on hand

    Would this work?

    Thanks in advance,
    Andrew

  • Moderator Steven Stern (sterndata)

    (@sterndata)

    Volunteer Forum Moderator

    That’s how you do it!

    Change the database password (and update wp-config.php to match).
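
The only files this plan carries over from the untrusted backups are the media library, so that copy is worth auditing before it is re-uploaded. The following is an added example, not part of the thread: a shell function that flags files in a local copy of `wp-content/uploads` whose names mark them as server-side code or server configuration, or whose contents include a PHP open tag. The extension list and the constructed sample tree are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): audit a local copy of the media
# library before re-uploading it to the freshly installed site.

# scan_uploads DIR: print "REASON<TAB>PATH" for each file that should not be
# in a media library. The name patterns below are an assumed starting list.
scan_uploads() {
    find "$1" -type f | while IFS= read -r f; do
        name=$(basename "$f" | tr '[:upper:]' '[:lower:]')
        case $name in
            *.php|*.php.*|*.php[0-9]|*.phtml|*.phar|.htaccess|.user.ini)
                # Server-side code or per-directory server configuration.
                printf 'name\t%s\n' "$f" ;;
            *)
                # Media extension, but the bytes contain a PHP open tag.
                if grep -q -i -F -e '<?php' -- "$f"; then
                    printf 'content\t%s\n' "$f"
                fi ;;
        esac
    done
}

# count_suspicious DIR: number of files flagged by scan_uploads.
count_suspicious() {
    scan_uploads "$1" | wc -l | tr -d ' '
}

# make_sample: build a constructed uploads tree and print its path.
make_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/2017/05" "$d/2017/06"
    printf 'JFIF constructed image bytes' > "$d/2017/05/photo.jpg"
    printf '<?php /* constructed placeholder */' > "$d/2017/05/cache.php"
    printf 'PNG constructed <?php /* placeholder */ ?>' > "$d/2017/06/logo.png"
    printf '# constructed\n' > "$d/2017/.htaccess"
    printf '%s\n' "$d"
}

sample=$(make_sample)
scan_uploads "$sample"   # flags cache.php, logo.png and .htaccess
rm -rf "$sample"
```

A clean result only covers the patterns checked; anything flagged should be left out of the upload rather than repaired.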

    Thread Starter EzySetup

    (@ezysetup)

    Thank you.

    And thanks for reminding me to manage the password before getting going.

    Andrew

    Thread Starter EzySetup

    (@ezysetup)

    Well, for the most part the site is restored. All the content is there and works for visitors. However, there are issues in the admin area that I cannot figure out.

    For example, I can go to https://www.mydomain.net/wp-admin/themes.php just fine. But when I click on “Customize” for a theme I am redirected to https://www.mydomain.net/wp-admin/customize.php?theme=graphene&return=%2Fwp-admin%2Fthemes.php (a blank page). Note that the URL contains the location of the previous page.

    Another example: I go to https://www.mydomain.net/wp-admin/widgets.php. When I click on “Header” then I’m taken to https://www.mydomain.net/wp-admin/customize.php?return=%2Fwp-admin%2Fwidgets.php&autofocus%5Bcontrol%5D=header_image (which is of course a blank page).

    I’ve disabled and deleted all plugins except for Display Posts Shortcode, Flexi Pages Widget, and Flexi Quote Rotator that are integral to how the site displays. I also have added Graphene Shortcodes in case that would help with the issue, but it didn’t.

    I don’t know what’s happening and I don’t know how to fix it.

    Any help would be appreciated.

    Thanks in advance,
    Andrew

    Moderator Steven Stern (sterndata)

    (@sterndata)

    Volunteer Forum Moderator

    What happens if you use the twentysixteen theme? Does that theme work properly?

    Thread Starter EzySetup

    (@ezysetup)

    No, it has similar behavior. The “Appearance” menu is wonky.

    • Themes works
    • Customize does not work
    • Widgets works
    • Menu works
    • Header does not work
    • Background does not work
    • Graphene Options works (when theme active)
    • Graphene FAQs works (when theme active)
    • Editor works

    The other menu items: Dashboard, Posts, Media/Library, Pages, Comments, Users, Tools, and Settings all work.

    Plugins seems to have an issue. When I first did the reinstall, I put back all my original plugins, but BackUpWordPress would give me the warning that I needed to have php5 and WP>3-something installed. I have php5 active and am using the latest WP. I deleted the plugin, but now when I try to reinstall it I get the error: “Installation failed: Internal Server Error”. I previously had Akismet installed, but deactivated and deleted it. If I try to add it back now I get the error: “Update Failed!”.

    I’m still stumped.

    Thread Starter EzySetup

    (@ezysetup)

    Update:
    The theme Twenty Fifteen works fully. I went in and deleted all other themes (2016, 2017, and Graphene), active or not. I reinstalled Graphene. The problem remains.

    Moderator Steven Stern (sterndata)

    (@sterndata)

    Volunteer Forum Moderator

    The developers and users of this theme/plugin would be the best people to ask. You can reach them here:

    https://www.ads-software.com/support/theme/graphene

    Thread Starter EzySetup

    (@ezysetup)

    Thank you. I will check with them.

    Thread Starter EzySetup

    (@ezysetup)

    I did post in the Graphene support area. However, I was just thinking the problem does exist with Twenty Seventeen as well. It’s not specific to Graphene. It just happens that Twenty Fifteen works. This has to be a problem in the DB, but I’ve been unable to find it.

    I’m wondering, would it work to:

    • Backup the SQL for each table individually
    • Delete all the WP files
    • Drop the DB tables
    • Re-upload fresh WP files
    • Backup the DB
    • Import my tables one-by-one, starting with POSTS and then OPTIONS, as these are the two areas where I’ve got the most work involved
    • Use the backup to revert at the point an import breaks the admin controls

    Thoughts?

    Thread Starter EzySetup

    (@ezysetup)

    Totally stumped (and aggravated). I’ve done dozens of WP installs and never had anything like this occur.

    • Backed up DB
    • Exported Pages, Media, and Comments using WP’s export tool
    • Deleted database
    • Deleted files
    • Downloaded new instances of WP, Graphene, and Graphene Shortcodes
    • Uploaded new files
    • Ran /wp-admin/upgrade.php – successful and then prompted for a finished install
    • Backed up DB
    • Tested
    • Twenty Seventeen theme ran fine. No issues with any Appearance items.
    • Activated Graphene. Same issues as before.
    • Activated Twenty Fifteen (it worked fine with earlier setup). It fails with same issues as Graphene.
    • Dropped tables and restored to fresh DB.
    • Confirmed Twenty Seventeen worked. It did.
    • Activated Twenty Fifteen (it worked fine with earlier setup). It fails.

    I can’t figure it out. Even with a fresh install some of the Appearance functions just do not work for some of the themes.

    I have tried every variation of starting over and none work. All these functions worked on Graphene prior to deleting everything and starting over. Meaning nothing has changed on my hosting.

    I’m stumped.

    Thread Starter EzySetup

    (@ezysetup)

    RESOLVED

    After all the effort I started running diagnostics on my host. Somewhere along the way my domain had been downgraded to PHP Version 5.2.17. I got it back to 5.3.2 and now everything magically works just fine.

    Moderator Steven Stern (sterndata)

    (@sterndata)

    Volunteer Forum Moderator

    Glad to hear it!

    By the way, push your host to go to 5.6 or 7. Lots of plugins no longer work with 5.3 and 5.3.2 is definitely end-of-life. Your site will be more secure on a current version of PHP and faster on PHP 7.

    Hey there @ezysetup

    Sorry to hear about your nightmare of a restore. We’ve almost all been there, for sure. I’m Kat, with BackUpWordPress support, and was going to pop in on the error you had with BackUpWordPress. We’ve seen several hosts that say their shared hosting sites are on one version of php when in fact they are on a different version. I’ve had a few tickets in just the last week regarding that one.

    I was going to tell you to check what version of php was running by visually confirming it yourself but it looks like you found the issue already! Yay for happy endings!

    It’s always awesome to see how amazing the community is in supporting each other!

    Kat

    Thread Starter EzySetup

    (@ezysetup)

    Yes, it’s been a pain, although not as much as it could have been had I needed to start from scratch.

    I did use the plugin “WordPress phpinfo()” to discover that I wasn’t using the version of php I thought I was running.

    Thanks for the tip on going to 5.6 or 7. I’ll ping my host about it today.

    Thread Starter EzySetup

    (@ezysetup)

    Well, all they could bring me up to was PHP Version 5.5.38. I’ll just have to remember to ping them every now and then to see when they support higher versions. Hopefully this will keep me going for awhile anyway.

    Thanks again,
    Andrew

  • The topic ‘Strategy for restoring hacked site’ is closed to new replies.