When a WordPress website is hacked or infected with malware, one of the most important things to recover is the content—such as posts, pages, and category structure.

In many cases, the malware only infects files or injects malicious scripts, while the data in the database (especially post content) remains safe. If that’s the case, we can recover the content by simply exporting and importing the key tables that store all the post data.

Post Tables

WordPress stores content data in five main tables:

  1. wp_posts: posts, pages, and custom post types
  2. wp_postmeta: additional metadata (custom fields, etc.)
  3. wp_terms: category and tag names
  4. wp_term_taxonomy: category/tag relationships
  5. wp_term_relationships: links between posts and categories/tags

Export Post Tables

Use mysqldump to export the entire database as a primary backup, then export the tables that store post content:

mysqldump -u db_user -p db_old wp_posts wp_postmeta wp_terms wp_term_taxonomy wp_term_relationships > backup_posts.sql

Delete Tables in New WordPress

After installing a fresh WordPress instance, delete the five default tables so they can be replaced with the data from backup_posts.sql:

USE db_new;
DROP TABLE IF EXISTS 
  wp_posts,
  wp_postmeta,
  wp_terms,
  wp_term_taxonomy,
  wp_term_relationships;

Import Tables

Once the tables are removed, import the tables containing the old content:

mysql -u db_user -p db_new < backup_posts.sql

Verification

After the import process is complete:

  1. Go to WordPress Dashboard → Posts; all old articles should reappear
  2. Pages and category structures should remain intact
  3. Links and slugs should function normally

Conclusion

With this strategy, we can recover essential WordPress content from a hacked site without importing the entire database, which may already be compromised. This step is especially useful when you only need the content.