Several of my clients’ WordPress sites got hacked during the past week.
Symptoms: You click somewhere blank on your web page and it will go to some spammy site or other, different ones each time.The folks at Cruzio are taking steps but here are some resources and recommendations from them:
Read this article.
This is very helpful info from WordPress Codex
What you need to do asap:
- Change your WP and database FTP passwords
- Use WP secret key generator to force logout of anyone still logged in.
- Go here and scan your website for free! They found it within seconds.
- Install and run the plugin Exploit Scanner to identify unknown files. Delete those files.
- Download a fresh copy of WordPress and manually FTP the fresh files over the old ones
- Delete extra themes that you are not using
What you should also do:
- Re-install fresh copies of all your plugins