I have a client that runs a WordPress website. It seems that the other day he was hacked and they uploaded a phishing program to his website. I removed these folders from his website but now he's concerned about how they've achieved this and how he can remove the risk of it happening again.
Also, since this incident we've noticed that through cPanel and in phpMyAdmin, there is a new SQL database called "information_schema", which he says was not there prior to the phishing folders being uploaded.
When researching this on Google, I've learned that "information_schema" is something added by MySQL and used frequently. However, I really don't understand what it is and how it relates to WordPress, or does it? Is this related to the phishing program?
The phishing program was "Online Bank of America", and we also noticed that there was another file uploaded to the root directory called "1.php". When loaded, it displayed an email program that was used to send out emails from the website. We removed this as well.
How the hell did these people get into the website and how can we prevent this from happening again? Are there ways? I'm finding that hackers are a real problem with WordPress, and a lot of my clients are also experiencing these difficulties.
Thanks for any help.