Diagnosis vs. downtime
Diagnosis can take time. That can mean downtime. With a bunch of possible root causes, what's needed is a flexible fix that allows for the former, while minimizing the latter.
Initial diagnosis weeds out non-hacked hassles such as local issues, server trouble, and third party incompatibilities, typically with plugins. This stage often throws up a simple fix.
If you still have hitches, how to tackle them will vary depending on the symptoms and your level of experience.
Preparing for deep diagnosis is, for most of us, a sensible precautionary step that involves backing up the site, its database, and its logs. It also involves ensuring access to server logs. Other than using this lot for troubleshooting, the backup may be vital if you scrap something by mistake.
There are now two possible avenues of action:
Diagnosing with the site in place, correcting issues and possibly re-installing
Re-installing WordPress, straight off, then diagnosing from the compromised backup to correct the root cause
There's no right or wrong with either method, which are generally combined anyhow. Ultimately they lead to the same thing, a secure site. It's just that the route to take depends on the kind of problem you have. Chicken and egg? Yup!
Given the theory, let's get practical.
Note
This guide should not necessarily be taken in order.
While the order of play is ultimately safe all round, in practise, it may lead to more downtime than you want or need. This is where experience really helps, judging the necessary diagnostic steps against particular symptoms.
Read this entire appendix and consider your scenario before making any changes.
Crucially, don't panic, dammit! Anxiety leads to mistakes and more grief. Besides, most snags are pretty easily snared. So smile, however wryly!
Backup Backup Backup Backup Backup Backup Backup ... Why not?
You should backup the files, the database, and logs before making any changes.
Even if you have a recent backup—in which case, don't overwrite it, it is more likely uninfected—you may need something or the other. And if on-site diagnostics don't shimmy out the problem, you can later re-address the infected backup to help corner the underlying issue.
There are a host of backup strategies in Chapter 6 , by the way, just for you.
