Here is a basic checklist of to-dos for when your WordPress website's security has been compromised.
- Install Wordfence if you have not done so already
- Run scan
- Delete all infected files via Wordfence
- Change User logins (change admin to something else)
- Change DB pass
- Change FTP pass
- Change salts in WP Config (https://api.wordpress.org/secret-key/1.1/salt/)
- Delete unused plugins
- Delete unused themes
- Delete spam comments
- Exploit Scanner
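The salt-change step above, as an added example that is not part of the original checklist: rotating the eight secret keys in wp-config.php invalidates every existing login cookie, so any session an intruder still holds stops working. The function names and the sample file contents are hypothetical, and the values are generated locally with Python's `secrets` module instead of being fetched from the linked generator.

```python
import re
import secrets

# The eight constants the salt generator linked in the checklist returns.
SALT_KEYS = ["AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
             "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT"]

# No quotes or backslashes, so a value is safe inside a PHP single-quoted string.
ALPHABET = ("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
            "0123456789!@#$%^&*()-_=+[]{}<>:;,.?/|~ ")

def new_salt(length=64):
    """Generate a value locally with a CSPRNG (assumption: used instead of the API)."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def rotate_salts(config_text):
    """Replace every salt define() in wp-config.php text.

    Returns (new_text, replaced_keys, missing_keys); nothing else is modified.
    """
    replaced, missing = [], []
    for key in SALT_KEYS:
        pattern = re.compile(
            r"""define\(\s*(['"])%s\1\s*,\s*(['"]).*?\2\s*\)\s*;""" % re.escape(key))
        line = "define( '%s', '%s' );" % (key, new_salt())
        # A callable replacement keeps re from interpreting characters in the value.
        config_text, count = pattern.subn(lambda _m, line=line: line, config_text)
        (replaced if count else missing).append(key)
    return config_text, replaced, missing

# Constructed sample: default values, one key absent, and a line that must survive.
SAMPLE_CONFIG = """<?php
define( 'DB_PASSWORD', 'example-db-pass' );
define('AUTH_KEY',         'put your unique phrase here');
define('SECURE_AUTH_KEY',  'put your unique phrase here');
define('LOGGED_IN_KEY',    'put your unique phrase here');
define('NONCE_KEY',        'put your unique phrase here');
define("AUTH_SALT",        "put your unique phrase here");
define('SECURE_AUTH_SALT', 'put your unique phrase here');
define('LOGGED_IN_SALT',   'put your unique phrase here');
"""

if __name__ == "__main__":
    text, replaced, missing = rotate_salts(SAMPLE_CONFIG)
    print(text)
    print("rotated:", replaced, "missing:", missing)
```

Any key reported as missing should be added to wp-config.php by hand, and the file should be backed up before the rewritten text is saved.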
Another way to stay on top of security threats is to host on a WordPress-specialized host such as the one we use, WPEngine.com, which will alert you proactively to known threats.
Some further reading for experienced developers:
http://codex.wordpress.org/
http://wordpress.org/support/
http://smackdown.
http://ottopress.com/2009/
http://sitecheck.sucuri.net/
http://www.unmaskparasites.
http://blog.sucuri.net/2012/
http://www.elegantthemes.com/
If you have questions, feel free to write or call.