what to do if you have been hacked?
- Create a full backup of your site.
- Delete all the files on your site.
- Download a fresh copy of WordPress.
- Unzip the WordPress files.
- Upload the WordPress files to your server.
- Inspect the wp-config.php file from your backup to look for any suspicious code. Comparing the file to the wp-config-sample.php file in the newly downloaded WordPress files will help identify any issues.
- Copy the wp-config.php from your backup to the new site.
- Download fresh copies of your themes and plugins from the original source. Make sure you don’t download the files from random sites on the net as these frequently contain malware.
- Unzip the theme and plugin files.
- Upload the themes and plugins to the site.
- Run the site to verify that it functions.
- Delete any users that you do not recognize.
- Change the password of each user. This is important as it is possible that the attack changed passwords and would allow the attacker to compromise your site again. By resetting each users’ password, you ensure that the passwords are what you expect them to be. Of course, when you are doing this, make sure that you apply the above recommendations. Don’t leave an “admin” user and don’t use simple passwords.
- Go through the wp-content/uploads directory in your backup and copy the directories to the new server. Ensure that what you are copying are media files (images, audio, video, etc). If you find any PHP files, do not copy those to the server.
- Regardless of how it happened, you’ve been hacked. Take a deep breath. Stay calm. Don’t do anything rash.
- First things first, clean up your local machine (run anti-virus) and update everything.
- Next, log into your hosting account and check with them to see what’s going on. Make sure that you’ve actually been hacked. It may simply be that they’re experiencing a service outage for your site. If you are definitely hacked, as I was, then send them a support message asking if they can trace what happened and what caused it.
- While you’re in there, change all of your backend passwords (FTP/SFTP/MySQL) and the passwords for everyone who has access to your site.
- Ideally, you’ve recently backed up your site and can walk through a simple restoration tutorial, like this one. If that is not the case, then now would be the time to begin backing everything up. Check out Kevin Muldoon’s recent post on VaultPress for this particular how-to.
- Close any backdoors the hacker may have left and secure your wp-config.php file.
- Update everything.
- Change your passwords again, just to be safe.
- Consider a premium security solution such as managed WordPress hostingand/or Sucuri. ManageWP is another good option for those who would like to keep their shared hosting, but want some added security and support.
- Finally, be sure to follow all applicable WordPress security best practices in the future (listed below).
Prevention from: http://www.elegantthemes.com/blog/tips-tricks/what-to-do-when-your-wordpress-website-has-been-hacked
- Always update WordPress core, themes, and plugins right away.
- Back your site up daily; either via your host or one of the many trusted WordPress backup plugins such as VaultPress, BackupBuddy, BackWPup, BlogVault, etc.
- Never use the default “admin” username.
- Create a unique and difficult password that contains upper-case and lower-case letters, numbers and symbols. Avoid any permutations of your name or the name of your site. The more random the better.
- Secure your wp-config.php file.
- Hide your username.
- Hide your version of WordPress.
- Limit login attempts.
- Disable file editing in the dashboard by adding the following to your wp-config.php file: define( ‘DISALLOW_FILE_EDIT’, true);
- Install WordPress File Monitor Plus to receive notifications every time your files are edited.
- Always use SFTP when logging in to your site via an FTP client or your hosting panel.
- And once again, consider a premium options such as managed hosting, Sucuri or ManageWP. Peace of mind is surprisingly valuable!
- Or, if you’re up for some advanced DIY security, check out this definitive guide to WordPress security.
the last link above http://moz.com/blog/the-definitive-guide-to-wordpress-security