I think my WordPress got hacked

hi wardo74,

Recently i happened to visit a website where i got this information related to your query:

"A number of blogs using the popular WordPress platform have reportedly been targeted in the ongoing cyber offensive recently. The websites hosted by different providers have been affected; these include Bluehost, GoDaddy, DreamHost and Media Temple. Besides, some other management systems based on PHP have also been targeted by hackers (Zen Cart eCommerce, for example).

The targeted WordPress websites were infected with specific scripts that apart from installing malware on the systems also prevent Google Chrome and Firefox browsers (in one word - those using Safe Browsing API from Google) from sounding a warning if user tries to access the site. The way it works is when the search bot designed by Google meets an infected page, it responds by just returning the malicious code. This masking strategy uses the browser switch which is usually used by designers to return the specific code to meet the requirements of functional variations in various browsers, including Firefox and IE.

5 Steps to Secure a WordPress Blog or Website


1. Constantly Update your WordPress Package
Web-based software always contains bugs that can be used by hackers as a hole in your security. WordPress programmers constantly improve their products, fixing various vulnerabilities and code shortcomings. Keep abreast of the updates and use the latest version of web-based software for creating websites - it will help to avoid various attacks. The latest versions of WordPress contain optional automatic update feature. Use it to be up-to-date.
2. Only Strong Passwords!
Don't forget to change the user password in your WP account for something unique and difficult for repeating. Don't use your personal information like name or birth date, try to make up a combination of symbols not connected with some exact facts or people. And it is useful to change the password regularly - every half year or so. You can use some programs that will help to generate unique strong passwords regularly.
3. Use Secret Keys in your WP-Config File
Adding a secret key to wp-config.php file is obviously helpful thing that protects your configuration settings from unauthorized modifying. This file contains information like MySQL database name address and password - a key access data that is worth protection, if you don't want your website or blog to be hacked or stolen.
4. Use Htaccess for Limiting the Access
.htaccess file allows setting the access rights to various directories. With the help of it you can limit the access to your website folders. You can even set the IP address from which the information can be accessed. For more 'how to' explanations visit AskApache tutorial.
5. Control the File Permissions
Sometimes the default permissions set during WordPress installation or in accordance with hosting requirements are not acceptable in terms of security. That is why you need to check them manually and change via FTP client or in the admin panel of your hosting. To find out what is acceptable or not, look through the WordPress Codex."


Hope this helps!

Eccentric

if you are still doubting that someone knows your password you better change it right away. Just to be safe update your wordpress with the latest wordpress version. And regarding the new password think of something unique and something strong.

You're more than welcome

Cheers,
Eccentric