How does a WordPress installation get hacked?
Posted by Bill Chalmers on 15 October 2013 08:14 AM

A WordPress installation can get hacked for a number of reasons:

  • Outdated patches: Always keep WordPress updated to the latest version.
  • Unsafe plugins: External code such as the timthumb plugin can allow a website to get hacked because of vulnerabilities that might exist in the plugin itself. Always keep your plugins up to date.
  • Unsafe themes: Be diligent about where you download themes from. A badly coded theme can open your site to attack.
  • Weak passwords: Please use strong passwords. Some password tips are in this article: http://my.nativespace.co.uk/knowledgebase.php?_m=knowledgebase&_a=viewarticle&kbarticleid=46&nav=0,12
  • Stolen FTP credentials: Viruses present on your PC can steal FTP credentials, which are then used to upload dangerous code to a WordPress site.

Where Can I Find the Malware

Malware can be located inside HTML files, PHP files, your database, directories, configuration files and many other places.

How to Remove the Malware

  • Change all your passwords.
  • At a minimum, change your cPanel password and the secret inside wp-config.php.
  • Check your .htaccess file for compromise.
  • Make sure the third-party plugins you use have a good reputation.

Follow the steps in this resource:

Hardening WordPress (http://codex.wordpress.org/Hardening_WordPress)
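
As an added example (not part of the original article), the following read-only Python scan looks in the places named above (PHP and HTML files, .htaccess) for a few common signs of injected code. The rule set, the function names and the sample site tree are assumptions constructed for illustration, and a clean result does not prove a site is clean.

```python
import re
import tempfile
from pathlib import Path

# Heuristics chosen for this example (assumptions, not rules from the article).
EVAL_RX = re.compile(rb"eval\s*\(\s*(base64_decode|gzinflate|str_rot13)\s*\(", re.I)
CODE_RULES = {"eval of decoded data": EVAL_RX}
HTACCESS_RULES = {
    "rewrite keyed on referrer": re.compile(rb"RewriteCond\s+%\{HTTP_REFERER\}", re.I),
    "PHP auto-prepend/append": re.compile(rb"auto_(prepend|append)_file", re.I),
}
CODE_EXTENSIONS = {".php", ".html", ".htm"}

def scan_site(root):
    """Walk a WordPress docroot and return sorted (relative path, reason) findings."""
    findings = []
    for path in (p for p in Path(root).rglob("*") if p.is_file()):
        rel, suffix = path.relative_to(root).as_posix(), path.suffix.lower()
        if path.name == ".htaccess":
            rules = HTACCESS_RULES
        elif suffix in CODE_EXTENSIONS:
            rules = CODE_RULES
        else:
            continue  # images and other media are not inspected
        # Uploads should hold media only, so any PHP file there is worth review.
        if suffix == ".php" and rel.startswith("wp-content/uploads/"):
            findings.append((rel, "PHP file in uploads directory"))
        data = path.read_bytes()
        findings += [(rel, why) for why, rx in rules.items() if rx.search(data)]
    return sorted(findings)

def scan_sample_site():
    """Build a constructed site tree in a temp directory and scan it."""
    files = {  # constructed sample content, not taken from a real incident
        "index.php": b"<?php require __DIR__ . '/wp-blog-header.php';\n",
        ".htaccess": b"RewriteEngine On\nRewriteCond %{HTTP_REFERER} search [NC]\n"
                     b"RewriteRule .* http://redirect.example/ [R,L]\n",
        "wp-content/themes/demo/footer.php": b"<?php eval(base64_decode('Y29uc3RydWN0ZWQ=')); ?>\n",
        "wp-content/uploads/2013/10/cache.php": b"<?php echo 'constructed sample'; ?>\n",
        "wp-content/uploads/2013/10/photo.jpg": b"\xff\xd8\xff\xe0",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, body in files.items():
            target = Path(root, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(body)
        return scan_site(root)

if __name__ == "__main__":
    print(*(f"{rel}: {why}" for rel, why in scan_sample_site()), sep="\n")
```

To check a real installation, call scan_site() with the path to the site's document root and review each reported file by hand before deleting anything.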

Additional Resources

http://codex.wordpress.org/FAQ_My_site_was_hacked
