Restoring WordPress backup

Halfway through building my new wordpress site it got hacked.  The front page turned into some foreign rubbish with a video.  I believe that this may have been a result of a contact us plugin that i used.

I didn't take a backup of the site as i had only just started and hadn't got round to it.  No excuse I know.

The site host suspended my account and the only way i could get to my data was through FTP.  What i need is the content of the pages that i wrote and also some custom CSS code i wrote.  The host has provided my with a complete copy of the site ready for them to format it.  However, this also includes the compromised files.

From what i have seen on the net, the data/pages are stored in a database, i was hoping they would be stored as .php files or similar that i could just copy from the server.

How do / can I get the pages/content and the css code i wrote from the database?  Or is there some other way i can deal with the compromised files so i can just get it back to how it was?

Any help on this would be greatly appreciated.
Who is Participating?
Jason C. LevineConnect With a Mentor No oneCommented:
Your content is located in the wp_posts table in your MySQL database and your CSS is typically in your theme's styles.css file.  I would export wp_posts via phpMyAdmin as a SQL dump file and open it in a text editor to check it.  The style.css file can just be downloaded via FTP.  You may also want to FTP the contents of your WP-upload folder so you have your site's images for the rebuild.

As far as hacks go, USUALLY all that gets hacked are the core WordPress files and code is inserted there that adds content or tries to deliver something via an iframe.  However, you should absolutely check all of the entries in wp_posts to see if malicious code has been added there.  If your content is clean, then you are in decent shape to rebuild.

To recover, delete everything from both the web server and MySQL and change all passwords for these accounts.  Start over with a clean copy of Wordpress and rebuild your site and theme from the ground up.  As far as restoring content, you can either import it from the old SQL file or (recommended) copy/paste the HTML entries from the dump file back into the visual editor.  

As far as staying secure, follow the Hardening WordPress article on the Codex and add some of the better security plugins to your site.  Be very wary of adding free plugins that are not from the repository.  Be wary of adding plugins that have not been updated recently (at least 2012).  Check to see how active the plugin authors are on the forums or if they have their own website support system.
Jaroslav MrazCTOCommented:

we had a same problem but we found out that DB whose unmodified. Hacker just kill some files. We replaced it and reconect to DB an everything whose OK.

For backup you can use Dropbox
jdc1944Author Commented:
How were you able to determine that the database hadn't been modified?  I dont really want to restore the database only to find the site all messed up again.
Jaroslav MrazCTOCommented:
We see it manualy throu MySQL web based client.

 And you can try it that you download whole page using FTP to local drive.
Upload a clean wordpress PHP package form the official page. Manualy create config from sample.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.