I was hacked

I always thought that running my own WordPress site might be a bit risky, but much less than I thought. It took until now to be hacked, which is going on three years. In 4.7.1 and earlier was a REST api privilege escalation vulnerability. That means someone can access the site through one of the application interfaces and inject content without having a correct password. And it seems I am in good company.

Luckily I always had backups of everything related to the site, which basically means the database and the files/uploads. Every day I get an dump of the database and a copy of all files back from the hosting service to my local server. And from there a versioned backup to our cloud backup provider.

So recovering from the hack meant updating to 4.7.2 and restoring the database from a version of the backup I knew was good. Doing an update for me wipes out any existing installation which is good if it was possible to contaminate them somehow. Then restoring the database from my backups is a single command once I restore the dump back to the hosting service.