My wordpress site was hacked. I've done three things so far:
At first I thought it was a simple script that duplicates as "pending posts" in my blog bar. Now I think it's more serious. The hacker disabled the Published Content "category" link where the pending posts are displayed... so that I can't delete it. His ad scripts keep duplicating.
When I went to delete this category I saw I couldn't then changed the category to "hacker." He then let me know he was on my site by scrambling some of my content and deleting other content.
I set up three security systems, deleted unused plugins, then quit the Foxfire browser I was using, opened Google Chrome did a search for my site: http://www.alisonperryart.com, clicked the url and was directed to this red flag window:
This is probably not the site you are looking for!
You attempted to reach http://www.alisonperryart.com, but instead you actually reached a server identifying itself as *.bluehost.com. This may be caused by a misconfiguration on the server or by something more serious. An attacker on your network could be trying to get you to visit a fake (and potentially harmful) version ofwww.alisonperryart.com.
You should not proceed, especially if you have never seen this warning before for this site.
I updated all plugins and themes, then logged out of my site, then attempted to change my url login administrator password and got this message:
The e-mail could not be sent.
Possible reason: your host may have disabled the mail() function...
IS THIS AN INDICATION MY SITE IS TOTALLY COMPROMISED?