DEV Community

MD Pabel
MD Pabel

Posted on • Originally published at mdpabel.com on

WordPress Hacked? How I Restored a Client’s Site After Everything Was Deleted

#cybersecurity #security #tutorial #wordpress

Recently, we faced one of the most challenging hacked WordPress recovery cases. A client’s blog site hosted on an old Bluehost VPS had been completely hacked. The WordPress version was outdated (around v4.x), and the hacker had wiped out almost everything—themes, plugins, and the uploads folder containing all images. To make matters worse, there were no backups available.

This case study walks through how we approached the problem, what worked, and what lessons we learned from the WordPress malware removal process.

The Challenge

When we first accessed the VPS, the situation was grim:

  • All custom themes and plugins were deleted.

  • The uploads folder, containing all images, was gone.

  • Only the database remained intact.

  • The client’s site was a blog, so losing images meant a significant content gap.

Without backups, the typical WordPress recovery route was not possible. Everything had to be rebuilt from scratch using whatever clues we could find in the database.

What We Still Had

Despite the destruction, the database still contained valuable information:

  • Posts & Pages : All textual content was intact.

  • Theme & Plugin References : Stored in wp_options and sometimes in serialized data.

  • Image Paths : Stored in wp_posts as attachment entries, though the actual files were missing.

The challenge was to reconstruct the site using only the database and any recoverable files from external sources.

Recovery Process

Here’s the step-by-step approach we took to restore WordPress :

  1. Fresh WordPress Install

  2. Database Import

  3. Theme & Plugins Restoration

  4. Recovering Images

Outcome

  • The blog site was restored and fully functional after the hacked WordPress incident.

  • All posts and pages were recovered.

  • Approximately 40–50% of images were restored.

  • The client avoided total data loss, and the site was secure and updated.

Key Takeaways

  1. Always maintain regular backups

  2. Use a CDN or external image host

  3. Keep software updated

  4. Harden security

Conclusion

This recovery case demonstrates the critical role of a WordPress database in disaster recovery. Even when almost everything else is gone, the database can help rebuild the site after a hack.

However, the case also highlights the limitations of relying solely on local storage for images. Moving forward, regular backups, external image hosting, and proactive security measures are essential to prevent similar disasters.

Top comments (0)