Website Hacked - Any thoughts??

[vfontjr]

A site I have manage somehow got hacked and defaced. The site is heartofmyheartorphanage.org. It uses the Genesis Outreach (Ver. 1) theme. I’ve repaired the damage, but thought you might appreciate the details. The hackers:

1. Changed the site’s admin account back to the default admin name and erased the admin email.
2. Installed a plugin called [iframe]
3. Replaced the site’s functions.php file with one of their own.

If anyone has any thoughts on how they did this, I'd appreciate hearing your ideas.

[NicktheGeek]

It can be a beast since it can occur in more than way. If you are lucky you can fix it by:

• Replace all WordPress files except the wp-config.php file via FTP with a new clean download from wp.org
• Delete all themes you aren't using including Genesis
• Delete all plugins
• Upload a new copy of Genesis and remove any malicious code from the child theme. Since the child theme is simple it should be easy to identify code that wasn't part of the original theme or code you added.
• Log back into WordPress and change your password
• remove any users you don't recognize
• upload your plugins again, make sure they are clean copies
• change FTP passwords and do a virus scan on your computer and any other computer that has FTP or admin access to the site.

You should check out this article
http://www.copyblogger.com/wordpress-website-security/