Copy wordpress website pages and content

If there are posts in the database that are generating the content, then you will need to clean out that malicious code in the wp-posts table. BUt I suspect that there is malicious code in the site. It could be anywhere; inside your wp-config.php or wp-settings.php file, for example. Or in the htaccess file. Or … Read more

Site hacked with malware [closed]

The best way to fix this is to have a clean backup of your site’s files and database and set up a fresh wordpress installation. Change all passwords related to the site (hosting, domain etc.), close your current hosting account, set up a new one, and let your host know your site was compromised so … Read more

Server hacked: correct contents of wp-uploads directory? [closed]

Uploads directory should be public, or whatever other settings in which the webserver is able to write to it, which in term of website security makes very little difference. You most likely have an unsecure code or unsecure server and there is not much point in rebuilding your site without first fixing those two issues … Read more

Prevent Hacking of WordPress Site [closed]

Look at this answer I wrote for a more extensive explanation: Malware on site For a summary: Add a login limiting plugin Move wp-config.php out of the public html folder ( WordPress will look one folder up from its root directory if it isn’t there Use the correct file and folder permissions Do not use … Read more

How to fight this wp-info.php exploit? [closed]

In order to limit the impact of the exploit when looking at a solution, I have written a small plugin that checks the .htaccess file content every hour and restores the correct file if it has been modified. <?php /* * Plugin Name: Fight the exploit * Author: Fabien Quatravaux * Version: 1.0 */ register_activation_hook( … Read more

Find and Replace text in the entire table using a MySQL query

Do you have SSH access? WP-CLI via search-replace. $ wp search-replace ‘<script>bad javascript code</script>’ ” –precise By default, this only searches for tables registered in $wpdb. To overwrite this behaviour, you can use either the –all-tables or –all-tables-with-prefix flag. (Or pass table names to the command manually.) Alternative: Easiest would be to download a dump, … Read more

How was my WP site hacked [closed]

If you do a Google search, you will find many topics on this. Here are some links: First read this: http://codex.wordpress.org/FAQ_My_site_was_hacked Then take a look at these links: http://ottopress.com/2009/hacked-wordpress-backdoors/ http://wordpress.org/support/topic/268083#post-1065779 http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/ If you have access to your database, login using PHPMyAdmin and change admin username / password, delete users you don’t know and change password … Read more