Our external website got attacked yesterday (and not proud of it). We are very security conscious and hold NO data (customer or own) on our site excluding our blogs.
Even with strong admin passwords, we thought we were safe.
The only way we were safe is we make monthly off server backups.
We tried recovering some files but each time, there was a background script which would kill those newly updated files and replace with the ‘hacked page’.
We have now implemented a plugin called iThemes Security Pro.
This is a free plugin and is brilliant as allows so much configuration through a GUI (simple) interface, including renaming admin account, locking down php files plus much more.
It is also rated quote high and has over 700,000+ installs as well.
The main thing here is the fix was to restore from a backup after deleting ALL files on the host, then applying iThemes Security Pro
Make sure you backup, backup, backup. (iThemes Security Pro will do this for you as well)
If you need help with implementation of this, or assistance with a hacked website, comment here or contact Sterling IT.