It was wise to not enter one’s password in an unfamiliar form. There are a few alternatives to safely change one’s password. See Resetting Your Password. You probably saw FAQ My site was hacked but it is the best resource on responding to a hack.
This could have happened any number of ways, and it’s often difficult or impossible to determine how after the fact. The best response is assume all entry points are compromised and repair all of them. It can be possible to manually clean a site, but the chances of overlooking a hidden backdoor are very high, meaning the hacker can likely return and you have to start over again. The only sure response is a clean install and restoring from a known clean backup.
To help prevent it from happening again, see Hardening WordPress.
The hack is because your wordpress version is outdated. Please kindly update your wordpress. Check out the information here.
Thank you for the link to Hardening WordPress and other info. The site has been restored from a backup and I’ll pass your info along … and recommend new passwords, etc.
Also … no, the reason is not an outdated version. The current version of WordPress had this happen.
I am having the same issue with our website. However we are not able to login or change passwords at all. We aren’t able to access our admin page to delete the things this person has done. I also tried logging in via ftp, but that too failed. I’m guessing her has blocked any other user from accessing the website or admin panel. Is there a way around this? We have the most current update of WordPress, so that shouldn’t be the issue. We need help!
Thanks so much,
Marrianne
@marrianne – this thread is old and already marked resolved – hence, you need to start a new thread for help with your issue, which is also not the same as the OP.