If your site has been hacked, here are a few tips on what to do:
1) Don’t Panic
The first and most important thing to do, is do not panic. It is easier said than done as you can also be very angry and scared about what has happened to your site. If you are a good webmaster, you should have nothing to worry about.
2) Always Keep Your Themes Updated
When there is a new wordpress theme to be updated, make sure you update it. You may think there are too many updates and you feel like you are constantly updating your site, but by using the latest version of wordpress you will minimise the chances of your site being hacked into.
3) Back up
Always back up your site. It is important to have a copy of your site offline. In case anything happens to your site, you can upload the back up files without losing any images or content. Imagine losing all the content on your site just because you have not backed up, it does not bear thinking about.
4) Check the plugins
WordPress is an open source software and the plugins are developed by third party developers. Sometimes it is the plugins that can cause errors on your site which you may be suspecting as being hacked. Deactivate your plugins, refresh your page and check if this has resolved the issue.
5) Keep your sites on different hosting packages
If you have one site with a hosting package and you buy another domain, make sure it sits on a different hosting package. This way if one site is compromised, there is less chance the other site will as well.
6) Do not use the “admin” login
You may have set up your wordpress site a few years ago and are now more internet savy. If you set up your site with “admin” as the yser name, amend this. Go into wordpress, add a new user – which will be you. Pick a username that is not your name and make sure you are the admin user. Then with the original admin user change their settings so they are just a contributor.
7) Change your passwords
Make sure you change the passwords on your wordpress site when you login. Go to Users, My Profile and enter a new password at the bottom of the page. It is also worth changing your ftp details. This you will need to do via the hosting company for your site. Make sure your passwords contain at least a couple of numbers, a capital letter and characters such as #%!.
8)Review your hosting package
If you have been hacked into several times in a short period, it may be worth speaking to your hosting provider and finding out what additional support they can provide. Review the package you currently have with them and research a more secure one. If your hosting provider does not have one, it may be worth looking for a new one. WhoisHostingThis.com is a hosting review website which I have been reading to research into new hosting providers.