My wordpress got hacked. Totally my fault - I hadn't upgraded in ages. I upgraded the version. Deleted all the plugins that weren't in use. A file that I found in attachments call rtz.txt (or something like that - it's on my other PC) that I definitely never uploaded. Changed the admin password to something stronger. My question is - how do I know that I got everything? Without waiting for google to re cache the site which might be a while as now it's removed from the SERPS due to the hack. I can't see anything in the source code but then I couldn't before either. Hope you can help.
Did you upgrade all the old plugins too? The plugins you are using that is. I would check all the plugin sites and upgrade those too if there is a new version of any plugins you are using. Sometimes this is where the real fun is because if your site was moded any thing like I do to some of mine, many of the tweaks I do are in actual plugin files so you will need to try to re-create those tweaks if so. Also make sure all your template files permissions are 666 or stricter. Boulder
Thanks boulder. I only have one that I am keeping and that's Spam Karma. It could be the one! I'll check for upgrades.
Hi, There is a WordPress Exploit Scanner plugin that searches the files and database of your website for signs of suspicious activity. It was designed for WordPress 2.5.1 but seems to be working well with my WP 2.6.x blogs. Just one more false positive. You can read about the known false positives here. You can also try my Unmask Parasites service. It's free and you don't need to install anything. It may reveal hidden content (invisible spam links, iframes, suspicious scripts and redirects) in case you've overlooked something.