Calendar site spammed



I’m hosting a Wordpress calendar site with Dreamforce using the plugin. Users can read the event info right on the site OR they can subscribe to a Google Calendar feed. This problem is related to the calendar feed.
Someone has injected spam into the header in many content files. You can’t see it on the site itself, but it appears in individual Google Calendar entries for users who subscribe via Gcal, and in links to the site from elsewhere (such as Facebook).
It looks like I may have to back up my content files from some point before the spamming happened, then wipe and reinstall Wordpress and re-import my backed-up content. What are my options wrt to finding a clean snapshot from some past date?
Are these all things I can do myself, or do I need support to do any of them?
Thanks for any insight you can provide.


You really don’t want files from a previous backup (if any) because you don’t know at what point your site became infected.

You can find the latest version of WordPress at, as well as the latest version of any open source plugins. If you are using a commercial plugin, contact your plugin vendor. Delete your current wordpress install, and then install the latest versions. You will need to reconfigure your config.php file with your database details, of course.


Thanks. Most helpful.
When I wipe and reinstall, is there any possibility of rescuing any of my current content? What would that involve?


As this is a WordPress site, all of your content is actually stored in your database. What’s in your public directory is WordPress core, themes, plugins, and any images or other files you’ve uploaded through the media gallery. Those files are located in your /wp-content/uploads/ directory. It’s not a bad idea to backup that directory.

Since you’re already on Dreamhost, you might want to consider Ipstenu’s DreamObjects Backup plugin, which will automatically backup your WordPress database and wp-content directory. See here: You need to have a DreamObjects account, but if the only thing you are storing there is backups, the cost is pennies a month, and really worth it for the peace of mind it brings. I can’t recommend that plugin highly enough.


FWIW, your database MIGHT be okay.

If they just spam injected into the files, then you can probably delete all the files and reinstall fresh, clean, copies and go forward. It’s pretty rare today for SQL injection to leave spam. The last big one was the Pharma hack.