A hack can happen to nearly any WordPress site. Sometimes hacks come from old versions of WordPress, plugins, or themes. It can also happen when a new vulnerability is discovered in WordPress and an update that covers the vulnerability has not been released yet.
First, you will want to get the hack removed. You can contact us for help with scanning your account, or look below for some steps on scanning your account yourself. Next, you will want to take some steps to prevent this from happening again. Below are some steps to help protect your site:
Because hacks frequently come from old versions of WordPress, plugins, or themes, it is important to update all plugins, all themes, and WordPress itself so that the hacker cannot use the same vulnerability again. If a theme or plugin is out of date and the developer is no longer supporting updates, then you may want to consider finding a new theme or plugin that is still being actively supported and updated.
You may want to consider getting a WordPress security plugin, either to stop brute-force logins or to scan for vulnerabilities. Wordfence Security is a free security plugin that scans WordPress websites for vulnerabilities and known threats. You can view the plugin at this link:
Note: Wordfence needs slightly more PHP memory to run. If you want to install it, you will need to change the memory limit in the php.ini file to 56M. If you are unsure of how to do that, then please contact us.
If you contact us regarding this hack, then we automatically scan your account to remove any injections. However, if you ever want to scan your site on your own to find PHP shell scripts, then you can run your own virus scan on your account. Many up-to-date anti-virus programs can detect PHP shell scripts. AVG is a good example.
To utilize this as a resource, follow the steps below:
Your anti-virus program should notify you when the scan is complete. It should provide you with logs of which files contained PHP Shell scripts.
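As a complement to the anti-virus scan described above, the following added example (not part of the original article and not the scanner used by the host or by any anti-virus vendor) walks a downloaded copy of a WordPress site and reports PHP files that sit in the uploads directory or match a few common PHP shell patterns. The indicator patterns, the function names `scan_site` and `build_sample_site`, and the sample files are assumptions constructed for illustration; a match means the file deserves a manual look, not that it is confirmed malicious.

```python
import os
import re
import tempfile

# Heuristic indicators (assumptions for this example, not a complete signature set).
INDICATORS = {
    "eval-of-decoded-data": re.compile(
        rb"eval\s*\(\s*(base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I),
    "command-exec-on-request-input": re.compile(
        rb"\b(system|passthru|shell_exec|exec|popen)\s*\(\s*\$_(GET|POST|REQUEST|COOKIE)", re.I),
    "eval-on-request-input": re.compile(
        rb"\b(eval|assert)\s*\(\s*\$_(GET|POST|REQUEST|COOKIE)", re.I),
}
PHP_EXT = (".php", ".phtml", ".php5", ".phar")

def scan_site(root):
    """Return sorted (relative_path, reason) findings for a local copy of the site."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(PHP_EXT):
                continue
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            # The uploads directory normally holds media, not executable PHP.
            if rel.startswith("wp-content/uploads/"):
                findings.append((rel, "php-file-in-uploads"))
            try:
                with open(path, "rb") as fh:
                    data = fh.read(2_000_000)  # cap the bytes read per file
            except OSError:
                findings.append((rel, "unreadable"))
                continue
            findings += [(rel, why) for why, pat in INDICATORS.items() if pat.search(data)]
    return sorted(findings)

def build_sample_site(root):
    """Write a constructed sample tree: one clean file and two suspicious ones."""
    samples = {
        "wp-content/themes/demo/functions.php": b"<?php add_action('init', 'demo_setup');",
        "wp-content/uploads/2020/01/img.php": b"<?php echo 'x';",
        "wp-includes/constructed-sample.php": b"<?php eval(base64_decode($payload));",
    }
    for rel, body in samples.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_site(tmp)
        for rel, reason in scan_site(tmp):
            print(f"{reason:32} {rel}")
```

To check a real backup, call `scan_site` with the path of the folder you downloaded from your account and review each reported file by hand.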