Since we have identified that we have a hacked WordPress site and we know the problem lies with this malware that’s been planted on the site, now we have to go through the process of fixing it.
Generate a New Strong Password
The first step in fixing the site is actually preparing to fix the site. That means, first, coming over to your users and changing all of the admin passwords, so that’s what we’re going to do right now. We’re going to come down here and go to a strong password generator. Then you just generate a strong password, copy that password and paste it in.
This is the new password for this user which can be updated later if they want to change it. We want to make sure that all of the admin users now have strong passwords and different passwords because the problem is that the malware may know what the passwords are.
Let’s now update this user. Leah, I will email you your password here or you can just follow the last password routine if you like. I’ve already changed my passwords so I don’t really have to worry about my admin password and when I’m done here she’s just going to delete me anyway.
Do Full Backup of the Site
So, to reiterate, the first thing to do is create new strong passwords for your admin accounts. Then you want to do a full backup of the site. We’re going to do that now. Come back over here to plugins and activate BackupBuddy. With BackupBuddy activated, I’m just going to double check its settings.
Choose the Right Folders to Back Up
She’s got an ImportBuddy password set up, so I’m just going to come over here and make sure that we’re not backing up folders that we don’t need. We don’t want to do .errordocs or .hcc.thumbs, okay, billercommunications, bloggingforonlineartists. We also don’t want to back up cgi, chemistrylivesaver or images or pics or stat. Let’s see, studyhall gone, Subjects, test, we don’t want to back up tmp.
We don’t want to back up tutor and, in my mind, this file right here without a name is suspect, so I’m not going to include it in the backup. I’m not going to include this backupbuddy file in the backup, or this backupbuddy data file, or this copy of the database, db_1.sql.
Export WordPress Content
Everything else I’m going to save. I’m going to save these general settings and then I’m going to come back over to the backup and do a complete backup. And we’ve got a successful backup. I can see there’s already a bunch of successful backups of the database so I’m not going to bother with that again.
What I am going to do is export the WordPress content so I’m going to come to Tools and I’m going to export all content and just download an export file. It says it failed, common download errors. So we’re just going to try it again. Download export file, there we go.
Now we’re getting this, and this is going to be the final worst-case-scenario fix. If all else fails we can still get all the posts and page content back because we can re-import this XML file into a new site. We almost never have to resort to this; all of our other systems would have to fail before we use this, but nevertheless I want to export it anyway. It’s not my site so I want to make sure at the end of this that it still works properly.
Export the Database
Then we are going to go into phpMyAdmin here and I want to do that from inside of her hosting account. Go to Manage WordPress, Databases. Databases, there it is. MySQL and leah4sci is the one so we’re going to go to phpMyAdmin.
Also we need to get the database login and password information, so I’m going to do that from her wp-config file in a way that protects the information. I’m going to show you how to do this on a file that’s not sensitive.
But here we are, now we’re into phpMyAdmin so we’re going to open up…that is really interesting. Okay, I’m not going to try to fix this because I’ve not looked at her database before, but she’s got what appears to be duplicate database tables where one set of tables has a different name. I’m going to continue to use this unless it poses us a problem.
What we’re going to do is come over here to export and we’re going to export this SQL and I’m going to export it as a zip and I’m going to select all. So we are selecting the entire database, we’re going to export it as SQL and we’re going to export it zipped and say go.
The server closed the connection without sending any data. Okay back over here, export, and I’m going to manually select all, choose SQL, data, db. I’m going to say zip again and try it again. Okay, that’s not good for us, back to export, everything is selected, we’re going to download it, but we’re going to say “none” now instead of zip, so now I’m going to say go again.
So it’s generating a text file that I can use to import but it’s taking a long time to download this which is not typical. This is really not typical. I don’t know if it’s failing or what. But while we’re waiting for this to happen I’m going to get Leah on the line here to talk about this a bit. Hey, Leah I’ve just unmuted your microphone.
Troubleshoot Database Issues
Leah: Okay, I had created a second website in another folder and then tried to use ImportBuddy to bring it in here and that’s why you’re seeing two sets of tables but they don’t belong there so if need be they can go.
Rick: Okay, so which one is right? Is it the wp3 or the wp?
Leah: I think wp3 because I was recommended to put a number there but honestly I don’t really know. I’m looking at it and I didn’t know what I was doing.
Rick: Give me just a second here, I can tell which from your wp-config file, I can tell what oh you know, maybe I can’t.
Leah: 3 sounds like something I would have done, I like to put numbers on things.
Rick: I seem to be crashing in it and this might actually be a browser problem on my end. I’m going to go into GoDaddy here. This may be a problem in Chrome, Chrome definitely chokes sometimes on this stuff. Oh there you go, you can see Chrome did choke, okay.
Here we are back inside of GoDaddy and MySQL. Actually, the other thing I have to do here is to go back and get the wp-config file. And according to wp-config the table prefix is wp3. So, the username is this, the password is that.
Now, hopefully this is all going to work right and what I’m going to do instead of this is to go to export but I’m only going to export the wp3 stuff. I’m still going to export it zipped. I’m going to say Go. I want to save it, open the folder. Okay I’ve got it downloaded and saved here now, that section of it.
Now that I’ve done that I’m going to take everything and do it again. For whatever reason it’s choking on exporting the entire database but we have several backups of it which we have access to. We have a backup of it that is downloaded.
Okay what’s going on here? I don’t know what’s going on here actually, it’s interesting. Databases, okay there we go. I’m just going to try it one more time, everything is selected, I’m going to do it as SQL, I’m going to do it zipped and try to download the full thing one more time. No, it’s just not going to happen, okay.
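A way to check that a downloaded export really contains the tables for the prefix in wp-config, and to see which tables belong to the other install, as an added example that is not part of the original walkthrough. The core table list is the standard single-site set for WordPress 3.8; the dump text and the `wp3_` prefix with its trailing underscore are constructed sample values.

```python
import re

# Core tables of a single-site WordPress 3.8 install, without the prefix.
CORE_TABLES = [
    "commentmeta", "comments", "links", "options", "postmeta", "posts",
    "terms", "term_relationships", "term_taxonomy", "usermeta", "users",
]

# Matches both "CREATE TABLE `x`" and "CREATE TABLE IF NOT EXISTS `x`".
CREATE_RE = re.compile(
    r"CREATE\s+TABLE\s+(?:IF\s+NOT\s+EXISTS\s+)?`?([A-Za-z0-9_$]+)`?",
    re.IGNORECASE)

def check_dump(sql_text, prefix):
    """Compare the tables a dump creates with the core tables for `prefix`."""
    found = set(CREATE_RE.findall(sql_text))
    expected = {prefix + name for name in CORE_TABLES}
    return {
        "complete": expected <= found,
        "missing": sorted(expected - found),
        # Tables from another install sharing the database (e.g. wp_ vs wp3_).
        "other_prefix": sorted(t for t in found if not t.startswith(prefix)),
    }

def build_sample_dump(tables):
    """Constructed stand-in for an exported .sql file (structure only)."""
    return "\n".join(
        f"CREATE TABLE IF NOT EXISTS `{t}` (\n  `ID` bigint(20) NOT NULL\n);"
        for t in tables)

# Constructed inputs: a full export of a database holding two installs,
# and a download that was cut off after the sixth wp3_ table.
FULL_DUMP = build_sample_dump(
    ["wp3_" + n for n in CORE_TABLES] + ["wp_posts", "wp_options"])
CUT_OFF_DUMP = build_sample_dump(["wp3_" + n for n in CORE_TABLES[:6]])

if __name__ == "__main__":
    for label, dump in (("full", FULL_DUMP), ("cut off", CUT_OFF_DUMP)):
        print(label, check_dump(dump, "wp3_"))
```

This only confirms that each table's `CREATE TABLE` statement is present; a download that stops partway through a table's rows still needs to be compared against a known-good backup.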
Get a List of Plugins
So now that we’ve done that, I want to make sure that we note what our WordPress version is and we need a bunch of things next. We want to get a list of our plugins so that you know which ones you’re going to install again.
Most of your plugins though are not available on wordpress.org. You’ve got Jetpack but okay. So most of the plugins that Leah has here, she’s going to have to install from her own computer because I don’t have access to them. I’m looking at them all and the only plugin that resides on wordpress.org is My Custom CSS and this was deactivated so we’re not going to worry about that at the moment.
Version of WordPress You’re Using
But we do want to make sure that we know which version of WordPress we have. I know that she updated to WordPress 3.8 here but you may find yourself having to solve this problem on a previous version of WordPress. So you need to make sure you know what version of WordPress you’re running because when you reinstall the old database it needs to match the version of WordPress that you’ve installed.
We know we’re running 3.8 at the moment so we’re okay there and we know what plugins we need and the last thing we have to do is get our database login.
Get Database Login
Now, I’m going to show you this on one of my sites and let’s do it on something that’s old and generic. So what you want to do is get to the root of your website and then look for your wp-config file and open it. Now, you can do that from inside of cPanel which is a very common way to do it, which is the way I’ve done it here on Leah’s site.
When you do this, what you see when you open up wp-config is the database name, the database username, the database password, the database host name, the table prefix and that kind of stuff. This is the most reliable way for you to get your existing database information, just to get it from your wp-config file. We will be using this information from her wp-config file for setting up WordPress, okay?
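The same information can be collected with a short script, shown here as an added example rather than part of the original walkthrough: it reads the database settings and table prefix from `wp-config.php` and the version from `wp-includes/version.php`, and masks the password before anything is printed. The file contents below are constructed samples with placeholder values.

```python
import re

# Constructed sample files (placeholder values, not from the page).
SAMPLE_WP_CONFIG = r"""<?php
// define('DB_NAME', 'old_db');  <- commented-out leftover, must be ignored
define('DB_NAME', 'example_db');
define( "DB_USER", "example_user" );
define('DB_PASSWORD', 'ex@mple-pa$$');
define('DB_HOST', 'localhost');
$table_prefix  = 'wp3_';
"""
SAMPLE_VERSION_PHP = "<?php\n$wp_version = '3.8';\n"

# Anchored at line start so lines commented out with // or # do not match.
DEFINE_RE = re.compile(
    r"""^\s*define\(\s*['"](DB_NAME|DB_USER|DB_PASSWORD|DB_HOST)['"]\s*,"""
    r"""\s*(['"])(.*?)\2\s*\)\s*;""", re.MULTILINE)
VAR_RE = r"""^\s*\$%s\s*=\s*(['"])(.*?)\1\s*;"""

def _php_var(text, name):
    """Return the string assigned to $name, or None if it is not set."""
    m = re.search(VAR_RE % re.escape(name), text, re.MULTILINE)
    return m.group(2) if m else None

def parse_wp_config(text):
    """Collect the DB_* constants and $table_prefix from wp-config.php."""
    settings = {name: value for name, _quote, value in DEFINE_RE.findall(text)}
    settings["table_prefix"] = _php_var(text, "table_prefix")
    return settings

def parse_wp_version(text):
    """Read $wp_version from wp-includes/version.php."""
    return _php_var(text, "wp_version")

def redacted(settings):
    """Copy of the settings that is safe to paste into notes or a ticket."""
    out = dict(settings)
    if out.get("DB_PASSWORD"):
        out["DB_PASSWORD"] = "********"
    return out

if __name__ == "__main__":
    inventory = redacted(parse_wp_config(SAMPLE_WP_CONFIG))
    inventory["wp_version"] = parse_wp_version(SAMPLE_VERSION_PHP)
    for key, value in sorted(inventory.items()):
        print(f"{key:13} {value}")
```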
So once you have all of those things, you’ve assembled all of the necessary information. And next we’ll be removing the existing WordPress installation.