Support » Fixing WordPress » Is it safe to import an xml of posts from a hacked site?

  • Resolved John Peden



    I’m in the process of restoring a number of sites. They were running on a server that was hacked very severely with (among other things) MySQL injection.

    The server the compromised sites were running on was locked down by the network team and to a degree, the sites were cleaned up.

    That said, I’ve been told short of copying and pasting the text (not even HTML) there is no way of importing the old data. In one case, the site had 241 posts and 305 comments.

    What is the best approach here? The XML export file is enormous and will take a LONG time to go over with a fine-toothed comb but I could spot anything malicious and remove it I suppose.

    Just trying to find out if someone has an approach I’ve not thought of.

Viewing 5 replies - 1 through 5 (of 5 total)
  • I am not an expert by any means, but I am almost certain that some malware inserts code into the WP database. I would not import that file.

    I’ve been looking at the XML export file though. Would the best way to handle this to go through it line-by-line or just copy and paste 240 post and 300 comments?

    I’ve just exported the posts/comments xml. No trace of anything remotely malicious in there. Searched for <iframe, display:, and <noscript. Iframes all check out (a handful of video embeds). Display: all check out, all inline styles for images. <noscript was not found.

    The file is still about 20000 lines long, so there is no way I’m going through it line-by-line.

    Anything else that could be malicious? I know I’m taking a risk here but surely everything has been ruled out?

    Sorry, I really don’t know anything that would be of further help.

    This was imported with no obvious problems.

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Is it safe to import an xml of posts from a hacked site?’ is closed to new replies.