This is a story that highlights the importance of keeping your WordPress core, Themes and Plugins up-to-date. A client who’s web host had turned their website off needed to have the site cleaned of malware and malicious code before the web host would turn their website back on again.
The site had been hacked and the hacker had even left their calling card “hacked by NG689Skw” in various php files on the site called I.php.
So we started by uploading fresh versions of the WordPress core and plugins that the client used. It was soon apparent that the source of the intrusion was via an old contact form plugin which we removed and replaced with a more secure alternative.
We then painstakingly went through the custom theme and uploads file by file, identifying malicious code and removing it piece by piece.
Finally when the site was able to be turned back on we put more stringent security measures in place and made sure user accounts had strong passwords.
This kind of attack is much more common than people think and once a hacker has identified a common exploit that they can use to gain entry they will do so and once in they can then use your site to do with as they please!