One of my customers just got hacked.
The hack was not very good, as it did not give the hackers control, unfortunately, it did kill the website.
It would appear that this site was hacked three-time, with each hack not getting fully birthed. Then on the 31st, when a whole lot of updates got done, the degree of access increased, these hacks then went active last night and killed the site.
- To fix this I copied the affective files to a hidden sub-directory.
- To have a look at later.
- Copies over clean version of the affected files from a good site.
- Gave these files ownership back to the site.
- And the site is up and running again.
- Since then I have installed the free version of WordFence on this site.
- They have their /wp-admin page hidden.
- All plugins have been updated.
- We need to get rid of any plugins they do not use.
The hack was a redirect hack, seeking to cause people coming to this site to then be redirected to another site somewhere else in the world.