Hacking seems to be on the rise recently so here are a few things to do that will make your WordPress site more secure and some steps to take if the dratted beasts have got to you.
Trouble can start at home so do a full scan of your computer. Avira is a free tool if you haven’t got one installed yet.
Strengthen all the passwords associated such as:
MySQL database [Note: You MUST change the password in your wp-config.php file to match your new database password or your site will stop working. You can find the file on your server via FTP .]
Did you ask your host if other sites on your server are being effected? It may not help but at least you will understand whether it’s a broader issue that your host is also addressing.
Your hosting package probably comes with a backup for the last couple of days, if you have been hacked it may be advisable to roll back to a previous backup of your site and then strengthen you security.
UPDATE WORDPRESS CORE AND THEMES/PLUGINS
Make sure that your version of WordPress is always up to date as they often package in security updates to match the changing environment. Good quality themes and plugins usually issue a new version to match an updated WordPress within a few days and you may decide to wait until that has happened. Some plugins are so simple that they rarely need updates though.
PLUGINS & THEMES
Occasionally, even extremely popular premium themes/plugins will have an unexpected security flaw. In which case, it’ll most likely be big news in the WordPress blogosphere in short order so check the WordPress plugin page and Google the names for news.
CHECK YOUR LOG
If you have been hacked, one place to start looking to see how they got in is through your website logs. You can find these on your server’s root directory with an FTP tool such as FileZilla. Open the access_log file for the time period you want to check and note the POST entries. This records access to your site – are the IP addresses all yours? What were they accessing?
Backup your site so that you can restore it to a previous version if something catastrophic happens. Check out tools like VaultPress made by Automattic who also make WordPress.