Comment by empressplay
13 hours ago
All my sites got pwned through this. Attempts to restore from backup just got pwned again in minutes. Ended up using Claude to create static sites from the database and the assets.
I'm never using Wordpress again and I strongly suggest nobody else does either.
You likely restored a compromised backup because the backdoor(s) were already laying there. Or you restored to a theme/plugin with a vulnerability and had it quickly exploited again.
There is some lessons to be learned from your way of trying to fix it. Suggesting not to use a software that is in its core pretty stable and safe, is not one of them.