My site got hacked a while back. I thought I had cleaned it up properly, but I fell victim again. I don't know if it was a back door, or a new exploit, but the hacker managed to change not only my admin password but even the admin username (which I didn't think was possible). I don't know much about this, but I think this means my MySQL database has definitely been compromised. (I am the only user of this database; there are no other logins.)
I did a completely fresh install of wordpress but noticed the admin password got reset again, without me doing anything, and so I assume the hacker still has his claws in.
I thought that I was keeping good backups, but it turns out my most recent one failed somehow, and the last one I had was about a year ago. I know I am opening myself up to "told you so" by admitting that. However I don't even know for sure that this was an uncompromised database backup.
I think the most sensible way for me to go forwards is to rebuild a brand new database from scratch and then reinstall wordpress again. I only have 43 posts and about 20 pages, so copying and pasting will not take too long. The only thing I don't know how to make work will be comments. How will I keep all the comments? I think they are a valuable part of the site and I wouldn't want to lose them.
I have in the past used the "export" tool provided in the admin page -> tools, but that seems to backup the whole kit-n-caboodle. There is the resultant xml file that contains whole load of stuff I don't understand- how am I to know that it is clean or not?