Recently, our hosting provider got hacked, and our site attacked by WordPress malware hacking. We share with you some advices about how to deal with this, to prevent this from happening to your WordPress, or to deal with an existing WordPress hacking issue. If you have any question, or just to be sure you are doing the right thing, speak with your hosting provider before taking any of the following steps. As usual: no liability taken or implied
1) Change your FTP password!
2) Make backup copies of everything you have on your server. This means you will also backup the malicious code contained in your files
3) Contact your hosting provider. They may have an older version backed up, and they can install it. This means you would use any change made before that backup copy was archived
4) Check the file .htaccess. Many hackking attacks are undetected when people type your domain name in their browser. The malware kicks in when someone finds your site on Google and clicks from there. This is a case of malicious .htaccess conditional redirect
5) If you cannot see your .htaccess, go into the options for your FTP connection and make sure hidden files are set to be displayed
6) Go on http://www.google.com/webmasters/ and the http://stopbadware.org/home/clearinghouse (Badware Website Clearinghouse) and queue your site for scan
7) If you have questions, visit: http://www.google.com/support/forum/p/Webmasters/label?lid=2fe2a8ee8e37c08e&hl=en There are some really great people there, both Google employees and volunteers, who can help you big time
Some very valuable advices provided by Google Support forum member RedLeg:
Most hacked sites I see are due to compromised passwords. Start by doing a scan of your PC and make sure there are no Trojans/viruses capturing your ids/passwords, use a couple of different security packages. Change ALL passwords especially FTP. Never store/save your passwords in your FTP client, use secure FTP if available. Install a good anti-virus program and do regular scans of your computer. You hosting service may be able to help you pin it down, if you notify when you see any changes they could check the access logs and maybe determine the account being used when the files are modified.
The second most common thing I see is problems with file/folder permissions. The hackers get access to a site and open the file permissions up on a folder/file so they can continue to get access even if you change passwords etc. You’ll see different views on what permissions should be I go with Files set to 644 Folders set to 755. It is a good idea to regularly check file/folder permissions.
If your site gets hitten for a short amount of time (it took 2 days to get our completely back in shape) you should have no problems with your Google rankings. However, just to be sure, if you want to help us, please remember to Google+ and Facebook Like our homepage. THANKS and good luck with your WordPress malware cleaning!