Here is a basic checklist of to-do’s when your WP web sites security has been compromised.
- Install Wordfence if you have not done so already
- Run scan
- Delete all infected files via Wordfence
- Change User logins (change admin to something else)
- Change DB pass
- Change FTP pass
- Change salts in WP Config (https://api.wordpress.org/
- Delete unused plugins
- Delete unused themes
- Delete spam comments
- Exploit Scanner
Another way to stay on top of security threats is to host on a WordPress specialized host such as the one we use, WPEngine.com, which will alert you proactively to known threats.
Some further readings for experienced developers:
If you have questions, feel free to write or call.
If you have not done so already, please feel free to opt-in to our newsletter here.