I got an email yesterday saying, essentially, "I got hacked! What do I do? Oh, and we should grab coffee sometime."
Fortunately, there was a relatively easy solution, once I figured out what happened. Here is how you can fix things should it happen to you – and how to take a few steps to make sure you catch it quickly.
First, what they did. They got into the WordPress administrator's account, and changed the password and email address associated with the account. Then they changed the home page (index file) to some hate speech or other.
Here are the steps I took; you'll need a fair bit of comfort with the back-end stuff, but a basic understanding of what you're looking at will get you through. Check first whether it was something very simple, like the attacker just replacing your index file.
1. Change the database password. This locks the intruder out of the database but also stops WordPress talking to it until you update wp-config.php (step 5), so neither the hacked site nor the real one will appear until you do that.
2. Log into your phpMyAdmin account. Go to Databases, and select the WordPress database. Select the wp_users table.
3. Edit the admin user. In the user_pass field, change the Function to ASCII, then enter the new password (phpMyAdmin will hash the new password for you). Change the user_email field back as well.
4. Overwrite your theme's index.php file (this is likely what got changed) with the original.
5. In your wp-config.php file, change the database password.
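Steps 1 to 5 as shell functions, as an added example and not part of the original post. Nothing here touches a live database: wp_reset_admin_sql only prints the UPDATE statement you would paste into phpMyAdmin's SQL tab (or pipe into the mysql client), and wp_config_set_db_password edits a wp-config.php file in place. The example hashes the password with MySQL's MD5(), which is also offered in phpMyAdmin's Function dropdown; WordPress accepts a plain MD5 hash in user_pass and re-hashes it with its own stronger scheme at the next successful login. The table prefix wp_, the login name admin, and the sample values are assumptions.

```shell
#!/bin/sh
# Added example: recovery steps as functions. Assumes GNU coreutils/sed,
# table prefix wp_, and passwords made of letters and digits (no sed or
# SQL metacharacters).

# Generate a 24-character alphanumeric password (step 1 / step 3 input).
wp_new_password() {
    tr -dc 'A-Za-z0-9' < /dev/urandom | head -c 24
}

# Hash a plaintext password the way MySQL's MD5() would; WordPress upgrades
# this to its phpass hash on the next login.
wp_md5() {
    printf '%s' "$1" | md5sum | cut -d' ' -f1
}

# Print the UPDATE for one row of wp_users (step 3): new password hash and a
# new contact email, scoped by user_login so no other account is touched.
wp_reset_admin_sql() {
    login="$1"; newpass="$2"; newemail="$3"
    hash=$(wp_md5 "$newpass")
    printf "UPDATE wp_users SET user_pass = '%s', user_email = '%s' WHERE user_login = '%s';\n" \
        "$hash" "$newemail" "$login"
}

# Replace the DB_PASSWORD define in a wp-config.php file (step 5). The sed
# delimiter '|' and the replacement must not occur in the password.
wp_config_set_db_password() {
    config="$1"; newpass="$2"
    sed -i "s|define( *'DB_PASSWORD', *'[^']*' *);|define('DB_PASSWORD', '$newpass');|" "$config"
}

# Demonstration with constructed values: prints the SQL for a fresh password.
wp_reset_admin_sql admin "$(wp_new_password)" 'new-owner@example.com'
```

Run the printed SQL against the WordPress database, then call wp_config_set_db_password with the path to wp-config.php and the new database password from step 1 (not the admin password); restore the theme's index.php from a clean copy in between.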
A few things you can do:
» Change your password regularly. In this case it appears they got in through the password, so keep your passwords strong; if they worked it out for one site you're probably using it somewhere else too, so watch your other accounts.
» Look at your site frequently. The less frequently you update your site, the less likely you are to look at it. Which means it could have been hacked weeks ago and, well, that's embarrassing.
» Update WordPress. You don't need your developer to do this for you: a notice at the top of the dashboard prompts you, and one click applies the update. Really simple.
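A way to "look at your site" without relying on memory, as an added example that is not from the post: a file-integrity check over the theme directory that notices a rewritten index.php (or a file that was never there) the same day rather than weeks later. Take a baseline once after a clean install or restore, then run the check from cron; a non-zero exit and the printed paths mean something changed. The directory and baseline paths are assumptions, and the baseline belongs outside the web root so whoever can write the theme cannot also rewrite the baseline.

```shell
#!/bin/sh
# Added example: theme directory integrity check with sha256sum. Assumes GNU
# coreutils; the baseline path must be absolute.

# Record the sha256 of every file under DIR into BASELINE.
wp_theme_baseline() {
    dir="$1"; baseline="$2"
    ( cd "$dir" && find . -type f | LC_ALL=C sort | xargs sha256sum ) > "$baseline"
}

# Compare DIR against BASELINE. sha256sum -c reports changed or missing files;
# comm reports files that were not in the baseline at all. Returns 1 if
# anything differs, 0 if the directory still matches.
wp_theme_check() {
    dir="$1"; baseline="$2"; status=0
    ( cd "$dir" && sha256sum -c --quiet "$baseline" ) || status=1
    known=$(mktemp); current=$(mktemp)
    # Baseline lines are "<64 hex chars><two spaces><path>", so the path
    # starts at column 67.
    cut -c67- "$baseline" | LC_ALL=C sort > "$known"
    ( cd "$dir" && find . -type f | LC_ALL=C sort ) > "$current"
    added=$(comm -13 "$known" "$current")
    rm -f "$known" "$current"
    if [ -n "$added" ]; then
        printf '%s\n' "$added" | sed 's/^/NEW: /'
        status=1
    fi
    return "$status"
}

# Suggested use (assumed paths):
#   wp_theme_baseline /var/www/html/wp-content/themes/mytheme /root/theme.sha256
#   cron: 0 * * * * /root/wp_theme_check.sh || mail -s 'theme changed' you@example.com
```

Re-run wp_theme_baseline after every legitimate theme edit or WordPress update, otherwise the next check reports your own change as an alert.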