Today I had my WordPress hacked not once, but twice! First time, the hackers added several dozen zipped files into the wp-includes/images folder that un-zipped into several additional folders that had names like viagra, cialas and the like. Each folder had several files including several html 'phising' pages that were aimed at sites like Lloyds TSB and Wells Fargo. It was activated and maxed out my email system with over 500 emails within an hour. About an hour and a half later, I got an email from RSA Security stating that a phising attack on the Lloyds TSB was traced back to my website! Their email also gave me the URL of where the file originated (the images folder). I corrected that problem and everything was good.
Later the same evening, my entire site went down, again attacked through WordPress (several files were changed at the same time the site went down) that added a "new" index.html page in my public_html folder.
I corrected that, but had to change/correct a couple of WordPress files to make it functional again.
I'm afraid to see what tomorrow brings.
My question is has anyone else had problems? If so, anyone have any idea on how to prevent this from happening or at least make it more difficult and/or easier to correct the changes after this occurs?
I hate to remove WordPress because I have established a good list and client base and being a very public website, many visit for the info placed there.
Thanks for any help/info.
Dir. of Web Operations