I was hired to build a new website for a company who's old website has turned into a dumpster fire. I was then asked to migrate over 1000 blog posts from the old website to the new website. This has come with its own problems as everything is running on ancient versions of everything and the export is massive. During all of this troubleshooting I was informed that the old website has something called a "zeus" virus. So my question is, is it likely that importing the database to a new site will also import that malware and if so is there a way to ensure that I am only copying the required info?

Thanks!

I was hired to build a new website for a company who's old website has turned into a dumpster fire. I was then asked to migrate over 1000 blog posts from the old website to the new website. This has come with its own problems as everything is running on ancient versions of everything and the export is massive. During all of this troubleshooting I was informed that the old website has something called a "zeus" virus. So my question is, is it likely that importing the database to a new site will also import that malware and if so is there a way to ensure that I am only copying the required info?

Thanks!

• database
• migration
• virus

• 1 You should export the data via CSV/ WP-Import/Export. That way, the posts will be filtered naturally into an unharmfull format. That will also be lightweight in terms of export cpu power. In your position, I'd set up a clean system again. – user3135691 Commented Apr 21, 2019 at 17:04

1 Answer 1

There is more to do to clean up a site than export/import posts data. The malware can be anywhere. And it could have gotten into your site via many paths.

Before you export/import posts, you need to ensure that the current posts are not the source of malware. I'd do a whole cleaning of the existing site before an export/import into a brand new site.

From a similar question, I answered this:

I would recommend a de-hacking inspection. If you think your site got hacked, there are several (many) things you must do to 'de-hack' it. Including:

• changing all passwords (WP admins, FTP, hosting, database)
• reinstalling WP (via the Updates page) and then reinstalling all themes (from the repository) and plugins manually.
• checking for unknown files (via your hosting File Manager; if you sort by date, invalid ones should stick out because you updated everything).

There are lots of help in the googles (or bings or ducks) on how to de-hack a site. I wrote a set of procedures that I use. It can be done, though, just takes a bit of work. My process is detailed here: https://securitydawg/recovering-from-a-hacked-wordpress-site/

(Added: if you do my cleaning process, you may not need to create a new site. I've cleaned sites successfully using that process.)

(Although this question is not within scope of this place, hacking questions happen often enough here that the answer might be helpful to you and others.)