It’s been an arduous afternoon, trying to work out how to recover from the hack last year that has poisoned hundreds of posts on this site. The site currently includes 4,741 posts containing 3,096,019 words. That’s a lot to go through manually. And since I don’t know how the hack was done, or whether it is still active, or a backdoor is present, then it might be futile.
I’ve done a few grep searches on the most recent backup file. A search for “cialis” alone gave over 250 results. Of course I have no idea of all the possible spam terms.
But I have been a good boy, and made regular backups. I do have a backup of the site, taken a month earlier. In theory I should just be able to create a new WordPress installation, and restore that, and then handle the last year bit by bit.
So I created a new, clean WordPress installation. Unfortunately… the backup times out. It’s 70mb, which is too long for some timeout somewhere. Why doesn’t it batch the thing?
No worries, there’s a command-line interface to wordpress, WP-CLI. That runs… and gets killed by something or other, possibly the site operators, more likely a robot for running out of memory.
I’m leaving the damaged site up at the moment. I will ponder.
PS: It just occurred to me… maybe I should run WordPress on my PC, do the import there, and then export the contents in pieces, and load these? What a faff.
I would highly recommend downloading XAMPP to install WordPress locally to test any backups, and also test any updates you want to do to the site. Might find you need to go back a few months of backups. When was the last time you tested a backup? (And yes; reinstalling WordPress and hoping backups work is a right faff.)
That’s a really good idea. Luckily I know when the hack was, and have a backup a month before. Unluckily the restore times out! So I’ll try it locally.
I know this is not really an answer to your specific problem, but after having this happen to all my WordPress sites, often multiple times, I got fed up with the flaky, insecure, and resource-hungry nature of WordPress and converted them all to static pages, managed locally by a static site manager (in my case Hugo – https://gohugo.io/). A static site is pretty much bulletproof, and even if the whole server goes away, restoring is just a matter of ftp the files to a new one.
WordPress is dreck, isn’t it? Slow, clunky, heavy, insecure. You may be right, you know. I was thinking about that yesterday. How did you do the conversion? What did you do about css?
If you want a WordPress Alternative that isn’t really too different, you can try the splinted-off ClassicPress (https://www.classicpress.net), which is based on the pre-WordPress 5.0 API (when they really started going off and doing weird stuff to the API). There’s a migration plugin which does the transition. As my other comment, should be able to try this locally using XAMPP 🙂