My website was hacked a few weeks ago, so I did some research and secured my installation with all the information I read on the web (change passwords, table prefix, secret keys, changed the admin user ID and username, block themes from being edited, etc). I also installed Better WP Security and did a lot of work on the htaccess file.
It all went fine for a few weeks, but today my website was hacked again.
Checking all the websites on my hosting provider, I noticed lots of them are hacked (I counted more than 15). Also, emails from my hosting provider are now being marked as spam by Google.
So I think this is maybe a hosting problem? I mean, what else can I change on my installation to make it more secure? I did a lot of things to it.
I'm using WordPress 3.5.2 and these plugins:
- All in one SEO pack
- Better WP Security
- Google Sitemap Generator
- No Right Click Images
- Post Types Order
- prettyPhoto Media
I'm also using a free theme called Touchfolio. I contacted the developer to check if he is aware of vulnerabilities in his theme, but he never replied back. I guess that's what you get when you use free themes, no support.
Right now I have my website password protected because I have no idea how they hacked it and I don't know how to protect it from being hacked again. What I know is that they only changed the index.php file.