I was running an old version of WordPress, and my site was hacked. I was able to restore it. The solution involved:
- I downloaded a clean version of WP (matching the last version I was running) and used that as the basis for the restore.
- All the stuff in wp-content needed to be copied over.
- There is an .htaccess file in the root directory that’s critical.
After bringing it back online, I updated a bunch of links, and then upgraded WP to the current version.
The new version auto-updates now. So that should help with attacks.
Finally, I disabled comments, presumably another vector.
If you still use the site, drop me an email. I’m at firstname.lastname@example.org.