I had a couple of 2.84 sites and a 2.84a MU site hacked by that bastard last week.
I could still enter the backends so I restored all those standalone sites by simply upgrading to 2.85. The 2.84a MU site failed on that. Luckily (an amazingly) it was a site not ever published so I just reinstalled that site by uploading 2.852 MU.
I thought it was all over and the 2.85 version is mighty enough to protect themselves. I was wrong when I found one of that same site was hacked again by them.
This time I had to look deeper as I have nothing to upgrade. Then I found this simple fixes:
1. They hacked just the wp-blog-header.php file at wordpress root folder, replace it by the original one will bring your site back to normal.
2. To avoid it be hacked again, chmod the wordpress root folder back from 777 to 755. Last time I set it to 777 when installing a cache plugin and never set it back. My bad, and learned a lesson on good house keeping.
Hope it saves you guys time to reinstall everything.
