How to Identify and Repair a Hacked WordPress Site – Bonus – What Happens when Database Restore Fails

The next thing to do then in this process of repairing a hacked WordPress site is to reinstall the old database. Because this is using a brand new empty database, right?

Export Database Fail

So let’s come back over to our phpMyAdmin on this now and click on this database. Here are all of our newly created tables, right? And they’re all blank. Well, what we’re going to do is we’re going to check all of them and we’re going to drop them and then we’ll come back over to import. We’re going to browse for our file. Okay, we need to sort this by date modified. There’s the SQL file that we exported so we’re going to import that and say go.

Well, that’s a total pain in the butt isn’t it? So let’s try that again. Okay, I forgot to to choose zip or whatever or something like that. Let’s just see data. Let’s try that again, okay. Well, let’s just try that again see what happens. Well, it’s not good.

So instead of this what we’re going to do because our exported database is not working, the one that we exported is not importing properly, this is the fun of doing this kind of stuff live, right? I’m going to extract this, it’s interesting. I said to extract and it’s saying that there’s obviously a sufficient problem with the zip file that it’s broken.

Get Backup of Database from BackupBuddy

So what we’re going to have to do now is get a backup of the database from BackupBuddy which is why we just didn’t delete all that stuff, right? And so this is going to start..actually, come back over to File Manager, let’s see we can delete this WordPress folder and then we’ll come back over to the old-leah. Then we’ll come over to wp-content and plugins. Actually, it’s probably wp-content, uploads, backupbuddy_backups. Where is the most recent one? 116, okay those are all full, 115, that’s a database backup so we are going to copy this.

Import the Database

Well actually, what I’m going to do is I’m going to download it. Okay, so I’m going to extract all and so now under here I’ve got this backup with that SQL file and let’s try importing this SQL file. Import, browse and where did that go? Backup old-leah up here, db_1, go. Maybe I didn’t press the Go button. Okay, I’m not sure what’s going on there but let’s go back to data, db_1.sql open that.

Actually, it looks like it did it though, it just didn’t show us any action, it did. Okay so we have our tables installed, now we’re going to see whether or not the site works again. Not yet, maybe I got a little carried away with this.

Let’s just look at Options for just a minute. Okay, site URL, admin email. All that stuff is working right. Okay, let’s just import that again, check all, drop, yes, let’s import. Browse, try this import again, open and we’re just going to say go again. Now, we’re just going to let this sit and see if we get a desired result on our list.

So let’s just see what happened. Well, it looks good so let’s try it again. It’s happening when that happens. Okay, it crashes at that point so that didn’t solve the problem obviously. We can in fact, we can try to use BackupBuddy to fix this too. We’re going to try that next actually, we’ll try to use BackupBuddy. Leah, I still have you on there, are you still there?

Leah: Yes, I’m here.

Rick: Okay, so that backup, when was the last time you added something to the site?

Leah: Before I did anything with this information, I went in some personal backups so I know I had a blog post last week which I have saved as a file on my computer. I also did a full backup and downloaded it. What exactly are you looking for and I’ll see if I have it.

Rick: I’m just wondering whether or not this database is corrupted and so what I need to do is find an older database and I wanted to see how old I could go.

Leah: What’s the next one? Like what ‘s the data on the next one and I’ll try to remember. I mean worst case scenario, I’d rather get the site back even if it means sacrificing a page or two.

Rick: Okay, check all, let’s go ahead and drop this. Then the latest that I appear to have here, well the one I just did was 1/15, it was January 15.

Leah: Oh, I thought maybe last year, you scared me.

Rick: No.

Leah: This is the database but if you exported the content, as long as I have the content I can manually put it back. We’re talking like blog posts, all the images are backed up on my computer.

Rick: Yeah, well we have all the images anyway.

Leah: What about the blog posts and pages, are those backed up separately?

Rick: Yeah, we do have all those.

Leah: Then we can go back into December if need be.

Rick: Go back to December?

Leah: If need be because as long as I have the text files I can put the content back.

Rick: Okay. So if we look at 12/25, now the thing about that is, is that this one would have been using a different version of WordPress, although I can figure out which version by looking at it. I might have to extract it first actually.

We’ll just see if that could be the problem with this. Actually, is that the 16 database backup may have been done with WordPress 3.7 and we have WordPress 3.8 installed. Obviously, one of the issues associated with restoring the site is getting the database and the WordPress installs the same when you go to recreate them.

I think instead of this what I’m going to do here is go back to this one here which is the one I did today. Well, let’s see I’m going to move this, no I’m going to download it and then I will try to use the version of the database that exists here that wasn’t the backup that I did.

This is one of the reasons why you do the belt and suspenders backups because you know, 9 times out of 10 that exported SQL file would have worked but this time it didn’t. So, wp-content and then uploads and backupbuddy_temp. Okay there’s the latest one so what we’ll do here then, we’ll try this one.

We’re looking at the full and I don’t think it comes sitting in here, no it’s not. wp-content, uploads, backupbuddy_temp, this is it here, no, it’s the other one and db_1, hit go. Give it a few minutes to do its thing since it’s not going to tell us that it’s done it. I don’t understand why phpMyAdmin is behaving like this. Okay, I’ve got 21 tables in here.

Leah: I see a website.

Rick: Do you see a website now?

Leah: A terrible looking one but there’s something there.

Rick: Well, let’s see, I’ll be happy with anything at the moment. Perfect, okay.

