WordPress site hacked issues
Create new files in WordPress core directory
WordPress added spam array code injection in core files
Renamed core files in WordPress wp-admin wp-content folder
How to check site hacked status
- Search site in Google, click on suggestion list and check site open properly
- Compare WordPress original folder and files list with your site files and folder
- Check for latest files modified date
If found some unexpected things in above check, then need to fix and clean WordPress.
Tips to fix and clean WordPress hacked site
- Take WordPress site backup first
- Download WordPress latest copy and compare it with existing files and folder
- Remove extra files if found
- Replace site core files and folders with WordPress latest core files and folders
- Change site password
- Change ftp, cpanel etc., password if required
- Update plugins and WordPress time to time
Most useful change if site hacked frequently
In my case spammer injects spam code frequently. After some research found that it possible by shell/command/perl. But it possible if they knows file path. Suppose your site name is example.com and you create folder example.com for WordPress code in public_html.
In above case spammer easily try change file by path like sitename.com/wp-contet/….
- Suggestion to change wordpress site destination folder name in public_html
Above is detail for some basic security for WordPress, hope it helped, if found critical issue in WordPress site.