Hi all, I broke the first rule of IT Work: I helped a family member build a website
Tl;dr: How do I go about rebuilding a website from scratch, via a freshly installed WordPress and importing pages and uploads manually from the hacked backup. Willing to pay $50
**EDIT TO CLARIFY** I was NOT looking to pay someone $50 to do the work. That’s so disrespectful. Was only looking for direction (hence the “how do I go about”) or even potentially hop on a screen share to demo what’s happening and get direction on how to proceed – 1 hour max. People’s time is valuable. I wouldn’t disrespect you guys like that. Came for direction on how to proceed because I didn’t want to spend $200 of my own money for a family member’s barely profitable business, and the direction I’ve received here is to just pay the money because it’s too complicated. So that’s what I’ll do. I apologize to those I offended, that was not my intention especially during this holy part of the year.
Long story:
My mother has a website where she sells products that I set up using WordPress and woo commerce. Initially set up in 2018/2019, it now has malware that prevents us from accessing any pages. Services want at least $200 to restore it, and at that cost is much rather rebuild the website manually.
I would move her to squarespace but she just paid the yearly hosting fee just two weeks ago.
What is the quickest way to restore the pages, products, and their associates images?
I don’t do webdev, so I’m not familiar with PHP and limited in HTML and CSS, but I work with databases and scripting languages like Python in my day job. I’m at the point where I currently have the pages imported by importing the wp_posts table that I saw, and I uploaded the images into their directories but product images are not loading correctly in the shop page. Elementor’s formatting for the pages are all screwed up.
Any direction or assistance in this would be truly appreciated.
[ad_2]
Check your files via ftp, look for last modified files/folders.
Disable all plugins (rename plugins folder).
Check if there’s mu-plugins folder and if so, check what files are inside.
If you can access admin dashboard, look at page/post/product via text option (not wysiwig) if there’s script hidden.
If site redirects to malware shite, check your db for scripts.
Usually hackers insert same script to every page/post/product. If that is your case, it’s easy to remove every script from db.
So you’re willing to pay $50 for a $200 service and think that it only takes $200 to rebuild an entire ecommerce website?
Also why squarespace? It’s probably the shittest pagebuilder there is, no copy & paste smh.
Importing anything from a malware infected website is just a bad idea to begin with, some of these malwares, especially redirect malwares, inject obfuscated code into so many wp files that you shouldn’t touch them ever again.
If you can’t find a products export or old untouched backup to work with then I would do everything from scratch entirely.
Media files when uploaded often have the url
`*website*/wp-content/uploads/<YEAR>/<MONTH>/<filename.jpg>`
so you probably need to change the image url for products and images that have been linked using the old url from your backup. You could probably do this with elementors replace url tool. Or since you know databases you should be able to run a replace script to run where needed.
You should also figure out how the website was compromised in the first place and introduce hardening procedures to stop it from happening in the future, there’s a lot of basic wordpress security hardening that needs to be done before you start on anything, such as remove the initial admin user and recreating it under a different name, not having any “admin” named users, disabling xml-rpc, changing /wp-admin url, rate limiting logins, using https. Cloudflare also helps a lot against brute force attacks, you can also install something like wordfence.
Just redesign the whole thing. If you value your time so little that a 200 fee to restore the site is scoffed at. I find that shocking but if that’s your plan, maybe just nuke it and remake it manually as you said in your post. When you are finished, be sure to make a clean backup. Personally, I would have paid the 200 bucks before the person doing the work came to their senses.
Dude. Offering to pay a professional $50 for x amount of hours of work is insulting.
Pay the $200 to the host to remove the malware and restore the site. Please don’t come here and attempt to low-ball the process.
There are a lot of moving parts with WP’s database. You can’t just take the ‘wp_posts’ table and migrate it and it’s all good. You have so many other tables that work together to make a WP site hum.
Your malware issue is likely sitting in a plugin (at least, that’s how it got there) or a bad security setup overall, which led to the malware being able to infect WP Core files on your install.
Either pay the hosting support fee and then put the site on a reputable, managed WP host; or hire a WP professional to do it. That will cost you way more than $50.
I just got done restoring a botched WP Multisite install. I spent over 60 hours @ $100 an hour (emergency rate) and did my client a solid by capping it at 40 hours @ 1/2 the hourly. It was done right and it’s fully restored.