One of my clients had their website hacked yesterday. This was through their WordPress login, and seems to have occurred as a result of some vulnerabilities on their own computer, likely releasing their username and password. No other sites on that server so far seem affected.
The client hadn’t made any recent backups of their WordPress database, but had years of content on their website.
The hackers had also added themselves as a new user under the email firstname.lastname@example.org.
They had then changed the site URL within WordPress to automatically bounce users through a bunch of affiliate pages on alternative websites, which also meant that you could no longer log in to the WordPress console.
Fortunately though, they left the main content of the website intact (just with the extra spam content). I also still had full access to the server data itself, as do all my clients.
After editing the .sql database directly to remove the redirect, I was then able to log back in again to the WordPress console, generate new passwords for all users, and remove the extra spam user that had been added.
This could’ve also been done via the WordPress console using the ‘tools/export site’, and then importing the site back again after removing all existing content. But that would’ve meant removing all existing content temporarily, and I’d rather do the comparatively quicker change of just updating the database file directly.
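As an added example (not part of the original post), here is a small Python check over a WordPress database dump for the two changes described above: a site URL pointing somewhere else, and an extra user. It assumes a default mysqldump-format export with the standard `wp_` table prefix; the host name, logins, dates and sample rows are constructed for illustration.

```python
import re
from urllib.parse import urlparse

# One single-quoted string as mysqldump writes it (backslash-escaped quotes).
SQL_STR = r"'((?:[^'\\]|\\.)*)'"

def audit_dump(sql_text, expected_host, known_logins, prefix="wp_"):
    """Return (bad_urls, unknown_users) found in a WordPress SQL dump.

    bad_urls: siteurl/home options whose host is not expected_host.
    unknown_users: (ID, login, email) rows whose login is not in known_logins.
    """
    # wp_options row: (option_id, option_name, option_value, autoload)
    option_re = re.compile(r"\(\d+,'(siteurl|home)'," + SQL_STR)
    # wp_users row starts: (ID, user_login, user_pass, user_nicename, user_email, ...)
    user_re = re.compile(r"\((\d+)," + ",".join([SQL_STR] * 4))
    bad_urls, unknown_users = [], []
    for line in sql_text.splitlines():
        if line.startswith(f"INSERT INTO `{prefix}options`"):
            for name, value in option_re.findall(line):
                if urlparse(value).hostname != expected_host:
                    bad_urls.append((name, value))
        elif line.startswith(f"INSERT INTO `{prefix}users`"):
            for uid, login, _pw, _nicename, email in user_re.findall(line):
                if login not in known_logins:
                    unknown_users.append((int(uid), login, email))
    return bad_urls, unknown_users

# Constructed sample dump: siteurl has been changed and a second user added.
SAMPLE_DUMP = """\
INSERT INTO `wp_options` VALUES (1,'siteurl','https://redirect.invalid/go','yes'),(2,'home','https://client-site.example','yes'),(3,'blogname','Client Site','yes');
INSERT INTO `wp_users` VALUES (1,'client','$P$Bxxxxxxxx','client','owner@client-site.example','','2015-03-01 10:00:00','',0,'Client'),(7,'seo_helper','$P$Byyyyyyyy','seo_helper','firstname.lastname@example.org','','2024-01-01 02:13:00','',0,'seo_helper');
"""

if __name__ == "__main__":
    urls, users = audit_dump(SAMPLE_DUMP, "client-site.example", {"client"})
    for name, value in urls:
        print(f"option {name} points at unexpected URL: {value}")
    for uid, login, email in users:
        print(f"unrecognised user ID {uid}: {login} <{email}>")
```

Running the same check against each new backup gives an early signal if either value changes again.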
I have subsequently also made a collection of backups in different forms for the client.
This problem first appeared as just the site taking an age to load, so it seems as though we caught it early.
But please, make regular backups in multiple locations of all of your key data, whatever that is.
If you don’t want to lose it because of a hardware or software glitch, or a hack like this one, having a recent backup really is the best option.