Malware in old website – how to migrate?

There is more to do to clean up a site than export/import posts data. The malware can be anywhere. And it could have gotten into your site via many paths.

Before you export/import posts, you need to ensure that the current posts are not the source of malware. I’d do a whole cleaning of the existing site before an export/import into a brand new site.

From a similar question, I answered this:

I would recommend a de-hacking inspection. If you think your site got hacked, there are several (many) things you must do to ‘de-hack’ it. Including:

  • changing all passwords (WP admins, FTP, hosting, database)
  • reinstalling WP (via the Updates page) and then reinstalling all themes (from the repository) and plugins manually.
  • checking for unknown files (via your hosting File Manager; if you sort by date, invalid ones should stick out because you updated everything).

There are lots of help in the googles (or bings or ducks) on how to de-hack a site. I wrote a set of procedures that I use. It can be done, though, just takes a bit of work. My process is detailed here: https://securitydawg.com/recovering-from-a-hacked-wordpress-site/

(Added: if you do my cleaning process, you may not need to create a new site. I’ve cleaned sites successfully using that process.)

(Although this question is not within scope of this place, hacking questions happen often enough here that the answer might be helpful to you and others.)

Related Posts:

  1. Multiple developers / editors working on a site in progress
  2. How can I make updates to a site, on a development copy, but then move updates back without overriding live site’s evolving database?
  3. Fastest way (least amount of steps) to locally import a remote database using WP-CLI
  4. Solution for database version control and deployment?
  5. How to migrate a HTTPS WordPress installation to localhost?
  6. How can I migrate from another platform to WordPress (using the same domain) and launch when ready?
  7. Migrating data between local and development server
  8. Best way to import users, post and categories from an external database
  9. Syncing local content with development / staging sites
  10. Organizing WP Pages based on old website database
  11. Presentation vs Content in WP DB-Tables
  12. Migrating non-WordPress CMS to WordPress, lots of data to move — possible solutions?
  13. Migrate a Non WordPress database to wordpress [closed]
  14. Weird issue with database migration and SSL links
  15. How to fix unchanged URLs in Database after running serialized search and replace script?
  16. Migrating database / content of non-CMS site to WordPress
  17. How do I reset a self-hosted WordPress URL?
  18. I don’t see site_url and home_url fields in wp_options table (phpMyAdmin)?
  19. Export all content from wordpress
  20. Migrating WordPress from DreamHost to Azure WordPress Resource via UpdraftPlus “wp_options table does not exist…” error
  21. Moving minor updates between local and live sites – just database?
  22. How to move the WordPress site Layout from test site to Production site?
  23. Merging two databases without borking it
  24. Why does importing copies of the database dump and the document root make WordPress data inconsistent?
  25. Able to use all admin pages but in the frontend there is a “Error establishing a database connection”-Error
  26. Trouble Migrating all data blog from WordPress.com to WordPress.org
  27. Copying database tables to new database
  28. Migrating from PDO using SQLite to clean new install using MySQL
  29. Migration: Copying database content to a different server
  30. Change WordPress URL in sql file via Terminal
  31. Strange characters added to the database
  32. After database migration, theme mods don’t show [closed]
  33. Problem migrating to localhost
  34. WordPress url transformation script
  35. How to transfer from localHost to live but use the already existing database on the server?
  36. Image link issues after importing a database backup to my local web server
  37. Database migration issues – Error #1046 No database selected
  38. echo site_url() returns a different value than what is in the database siteurl field
  39. Migrate Users From laravel to wordpress
  40. /wp-admin not accessible after migrating to local host (no plugin issue)
  41. How to fix Uploaded to this post option to see group of images uploaded to a post?
  42. How do you enable scripts on a WordPress installation in Softaculous?
  43. WordPress site migration – locked out of admin area
  44. WP website showing blank page after moving from subdomain to main domain
  45. WordPress Migration – Issue with admin panel changes
  46. Do I need to be selective about where I search and replace when pointing a domain to a subfolder used for development?
  47. How to edit posts/pages without making the change live?
  48. Migrate not successful, DB is broken. How to fix, or at least output static HTML without plugins?
  49. After Migration From dev, Only my Links to the Homepage Still Redirect to dev
  50. spambot registering without providing email or password, bypassing registration process
  51. I cannot change anything in my wordpress database from within wordpress?
  52. Media library images “missing” after migrating them using SQL
  53. Restoring .sql backup results in “Error establishing a database connection”
  54. import (migration) user database to wp-users
  55. Database question while Migrating from one domain to another on same WebHost [Bluehost]
  56. Moving database from WP 2.6 to 3.5 problem
  57. Importing Concrete5 content to WordPress
  58. Getting an error when trying to migrate to DV server from Grid with Media Temple [closed]
  59. Can’t connect to MySQL server on ‘127.0.0.1’ (10061) (2003)
  60. Does dbDelta delete columns as well?
  61. Insert data in database using form
  62. Moving WordPress to new server: no posts found
  63. Upload files – total size limit – WordPress/Contact Form 7
  64. Relationship between performance and database size
  65. Scheduling posts in database
  66. Should I be able to run two different “close” code versions of wordpress with the same DB
  67. Need of separate security plugins for both root and subfolder sites WordPress?
  68. Escaping / encoding data before insert into a database?
  69. how to store arrays into a database
  70. Error: SELECT SQL_CALC_FOUND_ROWS
  71. WordPress not reflecting changed of the database
  72. Populate dropdown from database
  73. wordpress ‘database update required’ loop after update
  74. Database Table for customer user
  75. How to Access wp_usermeta Data Immediately After a New User is Created
  76. Cleanup: best way to remove WooCommerce comments from the wp_comments table
  77. Migrating to WordPress Recipe Plugin and Some SQL Issues
  78. How to paginate information obtained from a query to a custom table?
  79. How can I show related posts from multiple separate installations
  80. Error establishing a database connection,
  81. Post Views / Hit Counter Problem?
  82. Connecting to a different database
  83. Create Pages for database content
  84. Should I use an additional column in the DB?
  85. Storing user submitted forms [closed]
  86. Can’t log into wordpress site – I have made a new user and still cant access
  87. Export WP Subsite DB Fully Ready for Import Elsewhere
  88. Sed Command Not Writing Changes to SQL file
  89. Recurring 502 Bad Gateway issue
  90. Error during installation (DB)
  91. How To connect to the same WordPress database with different database user
  92. How much post meta data is too much?
  93. I have include wp-config, should I add global $wpdb also?
  94. Localize strings from db
  95. Can’t Install WordPress (local) Failed to open file wp-includes/wp-db.php
  96. Redirect Issue: WordPress database
  97. How to stop WordPress from using utf8mb4_unicode_ci collation
  98. wp_usermeta key problem
  99. Database Queries are crashing the server
  100. Uploading to WordPress Database