My Wordpress site has been hacked! How do I clean it up?
The only way to ensure that a hacked Wordpress site is fully rid of a hackers code is to follow these instructions:
1) Using FTP or SSH download the wp-content/uploads directory to your computer, virus scan all files and ensure that its hack free.
2) Using FTP or SSH download the wp-config.php file and write down the database name, username, and password.
3) Login to Wordpress (if you are able) and write down the exact names of all of your active plugins.
4) Using FTP or SSH delete all code from server (leave database in place).
5) Re-install a fresh Wordpress install by FTP'ing NEW Wordpress install files back to server. (do not use *any* old Wordpress files and do not use our dashboard installer to reinstall Wordpress.)
6) Configure new Wordpress wp-config.php file to connect to old database using the database info you collected in step 2.
7) Reinstall all plugins that you noted in step 3 via the new Wordpress. (Do NOT re-upload existing plugins as they are a likely source of hack.)
8) Change all Wordpress username and passwords and delete any Wordpress users that you are not familiar with. (may require reviewing Wordpress users database table directly.)
9) Re-upload your *cleaned* wp-content/uploads directory to the server.