My wordpress blog was hijacked. I did not realize it soon enough, because I never noticed anything unusual, except that my traffic fell 70%.
At first I thought it was coz I had activated CloudFlare on my blog, and so I disabled it. But traffic did not return.
A couple of days ago, I accessed by blog from an iPad, instead of my PC. And I was shocked to see I was redirected to some spammy site called googledservics or something like that...
I ran a Virus Scanner from my cPanel, and it removed a couple of files which it said were infected.
Later today, I checked my blog using http://sitecheck.sucuri.net/scanner/ and found it was still infected.
Found some code which was not supposed to be there in my theme files.
In functions.php, I found
And footer.php had a line of code
I have removed this extra code, but am not sure if it was a false alarm or really malware. A fresh unmodified copy of the theme does not have these extra lines of code, and I sure did not add them.
What should I do now? Could there be more of such malware code in my blog? I have changed the password and made it more secure. But I am afraid it could come back.
In logs, I have found hundreds of attempts everyday to access wp-login.php
My infected blog is http://www.civilprojectsonline.com/