I’ve just come into the office to discover that a clients WordPress site has been hacked. What made this one a bit different from what I’ve seen before is that this one didn’t completely take over the website and wasn’t immediately apparent from just viewing the site.
This seems to have worked. The site is now clean, and the offending files are no longer being infected. All up this did take about 3 hours to do, and that was only because I got lucky with finding what to look for.
As always this is another example of why you always need to keep on top of your WordPress sites, and always ensure that you apply any updates as soon as possible.
You don’t want to be your site that’s down.