Site hacked

You could have a vulnerability on your local machine, and it would be worth running some free scanners such as ESET and malwarebytes. Or the server could be the culprit if your site is on shared hosting (your hosts will have a better idea). Also, if you access your site through public wifi, this can allow your credentials to be compromised.

As you mention wp-content/wp-admin were removed, .htaccess wiped. This suggests access through the cPanel/WHM/FTP. Are your credentials also strong here? Do you use encryption through your FTP client?

Sometimes it’s just hard to know for sure, but it’s great to know you have the option to restore from a clean backup, and this can be good motivation to ramp up security to another level.

The codex has excellent advice on hardening WordPress:
http://codex.wordpress.org/Hardening_WordPress

Also, the security plugin ninja firewall gives you notifications when an admin level user is created/logs in, or a recently modified file is created/accessed, and also takes a snapshot of your system which you can the check later to know which files have been added/deleted/modified.

Finally, how about having your own backup plugin just in case your host ever has issues with their backups? Belt and braces as they say in the north of England 🙂

Best wishes with getting back up and running again.

use plugins like ithemes security and BulletProof Security
use https://www.cloudflare.com/

scan your pc with malwarebytes

Also, scan your local computer for viruses/Trojans. A lot of times that’s where the problem is. Your personal computer gets hacked or you have a Trojan installed and they grab your password from there.

Don’t overlook that as another entry point.

Yep, that’s definitely very suspicious. Regarding the brute force protection, I’ve just remembered that your login is only accessible from your home IP. In that case, brute force protection would be unnecessary.

4.2.1 was released to fix cross scripting

to figure out what files were/are infected zip up the site and run it via Virustotal (if under 200mb)

I would break the site down into smaller and smaller gtoups of files until I figured out the offending code.

The first thing you need to do is secure your hosting change your passwords, use lastpass to generate secure 16 character complex passwords.

If you use cPanel and have more than one site you are vulnerable from one site (under your login) affecting another. One of the reasosn I do not use cPanel).

I would install new wordpress on a new DB, then import the site bit by bit after I have verified all files.

I would not re-import the user, options and user meta files from old site.

Remember that once a hacker has access to your FTP they can get access to your files which themselves give access to your DB.

I know you are worried about this but doing this gives you technical ability to take ownership of problems.

I would get wordfence, the free version is probably enough, although the paid version does have the ability to prevent access to the admin page from specific countries. I have found that excluding China, Russia, Ukraine and Romania cut 99% of attempted hacks. Then I decided to only authorize actual countries I wanted to have access to the Admin.

From what you describe it seems that they managed to put a file on the public facing site, then they ran that URL to test it, it probably infects users and chances are they would spam people to visit that link which would infect their PC

For SEO use Yoast, better IMO anyway!.