I have moved DVD Guide’s hosting to its own user account to minimize damage due to any further WordPress exploits (the hacker on Friday gained access to the file system and defaced several sites hosted under a single user account). Although this is my only site that currently uses WordPress, security vulnerabilities may be present in any software, so hosting isolation may be prudent for all of my Web sites.
Initially, I had WordPress prepare its database tables anew, but after being unable to find any content and setting import and export functionality built into WordPress, I deleted the newly prepared tables then restored the old ones (sans the user account created by the hacker and with my own user level restored, of course) and changed my password again for good measure (it reverted to the old one when I restored the old database). I am not completely comfortable using the old tables as I do not know what other damage the hacker may have done to my database, but until I have a tool or time to restore only known-good WordPress content and settings without breaking any inter-table references, metadata, or who knows what else, it will have to do.
I noticed some strange things when exporting my WordPress database, including that WordPress has not actually deleted comments that I had it remove from the site after I found them to be spam. How strange.
Ryan Boren, one of the WordPress developers, got back to me about the breach and he thinks it may have been due to the known vulnerability in WordPress 1.5.1.1 despite their corresponding “Security Update” page saying “if you’re running the default template”, which seems to ascribe the vulnerability particularly to that configuration. Hopefully, that was it and WordPress 1.5.1.2 will prove more resilient.