3 replies to this topic

[jonbey]

I have moved Wordpress between servers before but never after a hack. So rather than just transfer I plan to do it as fresh as possible.

I was thinking that they safest option would be to create a Wordpress export file which just moves the posts and comments, then manually move the images, and everything else will be totally fresh and new.

Is the the best option?

There was no additional user in the database after the hack so I am assuming that no database changes were made, but playing it safe as they could have put something in there then deleted themselves, maybe ....

[AbleReach]

If you are hacked you could have problems absolutely anywhere. Do not trust an export file, unless you are completely sure that the database is clean.

[Michael_Martinez]

You should scan the export file at the very least in something like Wordpad to see if anything jumps out at you as obviously wrong.

[jonbey]

OK.

I did some searches on the database yesterday and found nothing. Although not really what to search for apart from the obvious, like eval and base64 (and backwards).

At the moment I shall just monitor it. Got the WP file monitoring thing installed on that site, so just leaving it to see if the code comes back. If it does not, it is probably clean. If it does, I will move and clean..... All seems OK at the moment though.