My site has been hacked - What should I do?

16 replies
Hello
Looked in my Google Tools a couple of days ago and could see I had a notice from Google regarding my site. They said something like......
"Domain .com has been labeled as potentially compromised in our search results. This is because some of your pages contain content which may harm the quality and relevance of our search results. It appears that these pages were created or modified by a third party, who may have hacked all or part of your site. Many times, they will upload files or modify existing ones, which then show up as spam in our index.
Once you've made sure your site is clean and secure, you can request reconsideration etc"
I contacted my host and we have restored the site and I have updated to the latest WP version. Have requested reconsideration from Google.
1. 75% of my traffic has gone. What are the chances of my pages coming back?
2. Is it worth adding new content now to the site or will these rankings be affected?
3. Is it better to scrap or leave the blog and start over with a new domain for my future content?
If anyone has been through similar I would appreciate any advice on how I can move forward. The blog was a successful site so I really need to do something, pls help!
Thanks in advance
#hacked #site
  • Profile picture of the author Greedy
    Contact your hosting, a lot of the time they can help you out.

    Because they want it off their servers.
    • Profile picture of the author Moneyland
      Originally Posted by Greedy View Post

      Contact your hosting, a lot of the time they can help you out.

      Because they want it off their servers.

      As in my notes I have contacted my host. They did not want it off their servers. They helped me to restore the site to bring it back to what it was, clean hopefully.
  • Profile picture of the author banx63
    Damn hackers - 'sucuri' is really good. A bit late for you now - but maybe for next time.
    • Profile picture of the author Moneyland
      Originally Posted by banx63 View Post

      Damn hackers - 'sucuri' is really good. A bit late for you now - but maybe for next time.
      "Sucuri" sounds like a good service. I have submitted my site to Google for reconsideration but I am wondering if it is worth getting these guys to check over. Anyone used Sucuri?
  • Profile picture of the author petemcal
    Sorry to hear that mate.
    For reference I use wordpress firewall (or firewall for wordpress) I can't remember the exact wording.

    It's notified me once of an attempted hacked file upload thus far so I'm glad I've got it. There's a lot of good wordpress security plugins that can help you. Although the best hackers will always get through if they want to.

    Just make sure you back up regularly, both your page files and sql database etc.
  • Profile picture of the author zacsmith
    If you're running Wordpress, it's likely a bot has injected bad code into one or more of your pages. I've had this happen and found it's usually an insecure page, like the footer.php file, that has had bad code placed

    Others with more experience can weigh in, but here's what I did:

    1. Change all passwords to something much more secure. I use 13-digit alphanumeric passwords and change them often. Won't help fix the problem, but will keep troublemakers out for the time being.
    2. Check Google Webmaster Tools. It will often tell you what file is the bad actor.
    3. Got a backup of the site or database? Restore it or ask your host to do so. If that doesn't work...
    4. Delete, not replace, all of your core THEME files.
    5. Remove all unnecessary or untrustworthy plugins. Your host can often tell you which ones cause the most problems. Some are huge security holes. Make sure all needed and trustworthy plugins are the current version.
    6. Upgrade or re-install WP, which will replace the core WP files without trashing your wp-content files or database.

    You can check your site after each step and see if the Google warning comes up.

    When your site is clean, install some security (other than the password). I use BulletProof Security and WP Firewall among other things, and a host that's fanatical about server protection, including free CloudFlare to help block this kind of thing (among other benefits). Make certain your host REALLY has a backup — each night. Some hosts say they do, but don't — as I've found to my regret.

    Once I did these things to my sites (all 10-12 of them), including switching hosts, it eliminated these types of problems.

    Just my $.03. Good luck to you.

    gary
    • Profile picture of the author Moneyland
      Originally Posted by zacsmith View Post


      1. Change all passwords to something much more secure. I use 13-digit alphanumeric passwords and change them often. Won't help fix the problem, but will keep troublemakers out for the time being.
      2. Check Google Webmaster Tools. It will often tell you what file is the bad actor.
      3. Got a backup of the site or database? Restore it or ask your host to do so. If that doesn't work...
      4. Delete, not replace, all of your core THEME files.
      5. Remove all unnecessary or untrustworthy plugins. Your host can often tell you which ones cause the most problems. Some are huge security holes. Make sure all needed and trustworthy plugins are the current version.
      6. Upgrade or re-install WP, which will replace the core WP files without trashing your wp-content files or database.

      You can check your site after each step and see if the Google warning comes up.


      gary
      How do I check the site after each step to see if the Google warning comes up? In Google Tools?
  • Profile picture of the author mosthost
    Your web host could patch their PHP and stop this from happening again. If they don't, this will repeat itself sooner rather than later.
  • Profile picture of the author HostWind
    Often times these are simple fixes. If you check File Manager in cpanel, and sort by Date, find all files modified recently. Often times you will see index.php and some gibberish in there that is your culprit.
  • Profile picture of the author DWaters
    I would consider Wewatchyourwebsite.com
    They are a small operation, sometimes slow to get a response from them but they appear to be very knowledgeable and they have helped me out, as recently as today when I had an unusual infection bothering one of my sites.
    I have also added WP Firewall 2 and Login lockdown plugins for extra security.
  • Profile picture of the author TimGross
    If you're running Wordpress, common vulnerabilities are out of date plugins and/or themes. That's great that your webhost was able to revert back to an unhacked version of your site, but the vulnerability that was exploited is still there for it to happen again.

    1) Update any plugins you're using to the latest version, and delete any you're not using.

    2) See if there's an updated version of the Wordpress theme you're using.

    3) Install security plugins like "Login Lockdown" and "Bulletproof Security" free version. If you like the free version, consider buying the pro version.

    4) Change your Wordpress logins and FTP logins, and while you're doing that, make them harder passwords.

    By the way, malicious code can be injected into your php pages without the date stamp of the file changing, so you can't rely solely on the latest date stamps to tell whether a file has been hacked.
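The point above about date stamps, as an added example that is not part of the thread: comparing file hashes against a known-clean copy (a restored backup or a fresh download of the same WordPress version) catches a change that sorting by date misses. The directory layout and file names built in `demo()` are constructed.

```python
import hashlib, os, tempfile, time

def sha256_of(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

def walk_files(root):  # yields (relative_path, full_path) for every file
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            yield os.path.relpath(full, root), full

def compare_trees(clean_root, live_root):
    """Diff the live site against a known-clean copy by content, not date."""
    clean = {rel: sha256_of(p) for rel, p in walk_files(clean_root)}
    live = {rel: sha256_of(p) for rel, p in walk_files(live_root)}
    return {
        "modified": sorted(r for r in clean if r in live and clean[r] != live[r]),
        "added": sorted(r for r in live if r not in clean),
        "missing": sorted(r for r in clean if r not in live),
    }

def recently_modified(root, since_epoch):
    """The sort-by-date check: files whose mtime is newer than since_epoch."""
    return sorted(r for r, p in walk_files(root) if os.path.getmtime(p) > since_epoch)

def demo():
    """Constructed sample: two tiny trees standing in for backup and live site."""
    base, old = tempfile.mkdtemp(), time.time() - 90 * 86400
    for tree in ("clean", "live"):
        os.makedirs(os.path.join(base, tree, "theme"))
        for rel in ("index.php", os.path.join("theme", "footer.php")):
            path = os.path.join(base, tree, rel)
            with open(path, "w") as f:
                f.write("<?php // constructed original\n")
            os.utime(path, (old, old))  # every file looks 90 days old
    live = os.path.join(base, "live")
    # Constructed tampering: content changes, then the timestamp is put back.
    footer = os.path.join(live, "theme", "footer.php")
    with open(footer, "a") as f:
        f.write("// constructed stand-in for injected code\n")
    os.utime(footer, (old, old))
    # A file present only on the live site, with a fresh timestamp.
    with open(os.path.join(live, "theme", "extra.php"), "w") as f:
        f.write("<?php // constructed stand-in\n")
    by_date = recently_modified(live, time.time() - 7 * 86400)
    return by_date, compare_trees(os.path.join(base, "clean"), live)

if __name__ == "__main__": print(demo())
```

For WordPress core files, WP-CLI's `wp core verify-checksums` performs the same kind of comparison against the official checksums.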
  • Profile picture of the author Kingfish85
    Alright, it seems that you've got the latest version of Wordpress itself... Now, what about the plugins?
    • How many do you have?
    • What are they?
    • Are they even supported anymore?

    Zacsmith outlined some great steps.

    You have to keep in mind that a lot of Wordpress plugin developers stop supporting the plugin once it's been written. When this happens, it does not get updated when a new exploit is found in the core Wordpress installation leaving you with a security hole.

    8 out of 10 Wordpress "hacks" are due to vulnerable/non-supported plugins. Then you have to factor in that literally everything the average Wordpress user wants to do, they go about it the easiest route which is finding some plugin to do it. There's no need to use a plugin to do simple things like add Google Analytics code. There are plenty of guides on how to add the few lines to your header file.

    People seem to continuously add plugin after plugin to do who knows what, which ultimately is the root cause of the problem. (in most cases). I'll list a few things that you can do below -
    • Move the config.php up a dir to the /home directory
    • Change the admin user via the database, not just the "friendly" name
    • Use strong passwords: uppercase, lower case, numbers & special characters
    • Password protect your wp-admin directory at the server level. Now there are 2 steps.
    • Don't use "free" themes you found on Google. They're almost always exploited
    • Choose a web host that cares about security
    • Limit the failed login attempts, something like Login Lockdown

    The list goes on, but there are a few things that will definitely help secure your site. Monitor your failed login attempts. If they continue, provide your web host with the IPs and they can be blocked at the firewall level. Failed cPanel or direct server logins "should" already be getting perm. blocked after XX failed attempts or scanning.

    EDIT: While there are some good tips here on installing security plugins, don't just blindly install them. Read about them and understand what they're doing or have someone do it for you. Installing a bunch of "security" plugins on top of each other could ultimately cause them to conflict with each other causing more issues.

    Hope that helps!
    • Profile picture of the author websolution08
      If your hosting company cannot restore/clean up your site, I suggest you hire "platinum server management. com" (no space between words). I was in the same situation last year and the only guys able to fix my website were them.

      just my 2 cents...
      • Profile picture of the author Moneyland
        Many thanks to everyone for all your comments. Google have mentioned it could take many weeks to come back to me after the request for reconsideration. Under these circumstances would you still continue to add content to the blog now or wait? I will tighten up many security measures as suggested here but just don't know how to proceed with the site, any suggestions?
  • Profile picture of the author Cesar Sampaio
    I hope your host will help you. You pay for that as well.

    Some services like Hostgator and a few others are exemplary. Some... not so.