my site Johnny-Depp.org has been hacked yesterday by a Syrian group with the nice message, that the database has not been deleted etc., it was just forwarded to another site.
After a bit of search, I found, that only the most recent post was edited, a meta redirect was added to the text field.
It says, it was edited by buticut, one of my administrators (there's also a revision from myself the same time), we both weren't online at that time, she wasn't online for weeks because of her studies.
(see the Screencap)
I just edited the post (just had to save it again) and all was fine, and changed her and my passwords (and the secret keys in the config)
but of course I wonder
- how could this happen? Just through an easy password? Or can they have come in in another way and manipulated it somehow? maybe through a plugin? SO that the password change does not help a bit?
how can I prevent them from doing it again? Is there any certain log file I should request by my server provider where it is possible to see what exactly happened?
means: what shall I do now? Just wait if it happens again?
Thank you, Martina.