I came home from lunch today to find an email: "Password Lost and Changed for user: admin" Not only that, but the home page was gone, and only displayed an error message.
Lucky for me, I googled and got instructions to log into the web server, then MyPhpAdmin to remove the attacker's email address, reset the admin password and suspend the site in case it was spewing malicious code. It was 5 minutes of sheer terror I don't ever want to experience again.
Even luckier for me, the google results led me to this plugin. The walkthrough after installation is amazing. No other plugin I have ever used makes it so easy to learn about the features. I bought four licenses, one for each of my businesses.
*Two factor authentication login is now in place for them all.*
It will take ages for the web site hosting place to sort out my site, but I took this wake-up call so that it will be the first and last time my site is breached. In fact, I will suggest they use Wordfence to help audit the site to see if really bad things happened to it.