Hacked Agency Theme
It would appear that after talking with my host about some suspicious files - a few of my sites (under the one account) have been hacked. One of those that appears to have the majority of the files is an Agency theme site. I am lost trying to figure this all out and don't know what steps I need to take. However, the host mentioned that I should verify with you that "if the code you are running from them contains the vulnerable timthumb code."
They go on to say: "...contact them, and see what they advise. One of the dangers here is that the attackers could have embedded malware in the posts in the database, or even added new WP admin users there to facilitate their continued ability to attack the site. Certainly saving the database is a good idea and, as long as you use the same version of WordPress for the new install, you should be able to use the old database with the new files (we don't provide specific support for this, but it is not that difficult to do)."
Basically I have no idea what to look for. The only reason I noticed a suspicious file on one domain was because I had not yet uploaded any files and found a PHP file. I'm assuming not all PHP files are hacked files because I see a ton of them in other WordPress sites I have as well as the site using your Agency.
I just don't know what to look for... how to recognize which files are "suspicious" files!
Any help would be greatly appreciated.
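A first-pass file triage for the two checks raised in the post, added here as an example and not code from the theme vendor or the host: it lists PHP files sitting in the media uploads directory and any TimThumb copies with the version string they declare, so that version can be compared against the vendor's advice. Assumptions: the standard `wp-content/uploads` layout, that copies keep the "TimThumb" banner text even when renamed, and the hypothetical names `triage` and `demo`; the sample tree is constructed.

```python
import os
import re
import tempfile

# TimThumb declares its version as: define ('VERSION', '2.8.13');
VERSION_RE = re.compile(r"define\s*\(\s*['\"]VERSION['\"]\s*,\s*['\"]([^'\"]+)['\"]")

def triage(root):
    """Return sorted (relative_path, reason) pairs worth a manual look."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(".php"):
                continue
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            with open(path, "r", errors="replace") as fh:
                head = fh.read(65536)  # version and banner sit near the top
            # Media uploads directory: PHP is not expected here.
            if "wp-content/uploads/" in rel:
                findings.append((rel, "PHP file in uploads directory"))
            # Assumption: copies keep the "TimThumb" banner even when renamed.
            if "timthumb" in head.lower():
                m = VERSION_RE.search(head)
                ver = m.group(1) if m else "unknown"
                findings.append((rel, "TimThumb copy, version " + ver))
    return sorted(findings)

def demo():
    """Build a constructed sample tree and triage it."""
    sample = {  # constructed files, not taken from any real site
        "wp-content/themes/example-theme/functions.php": "<?php // theme code\n",
        "wp-content/themes/example-theme/thumb.php":
            "<?php\n/* TimThumb script */\ndefine ('VERSION', '0.0.0-sample');\n",
        "wp-content/uploads/2011/08/cache.php": "<?php // unexpected\n",
        "wp-content/uploads/2011/08/photo.jpg": "not php",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, body in sample.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as fh:
                fh.write(body)
        return triage(root)

if __name__ == "__main__":
    for rel, reason in demo():
        print(reason + ": " + rel)
```

A hit is a file to review, not proof of compromise; running `triage` on the account's home directory covers every site under it in one pass.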