I suggest you stop everything and take care of this now!
One of my client’s WordPress sites just got hacked! Unmercifully!
The hacker changed all passwords to the site so neither of us couldn’t access the site from the admin window.
Then the hacker changed our database passwords which means we couldn’t get into the image files to reuse them on the site.
Next he deleted every backup stored on the server.
Why, you ask, would a hacker want to do this? So the hacker could install a virus on my client site. As a result 34 site visitors were infected upon visiting his site!
To top it all off Google blocked his site completely!
It took days to get the issue fixed and a complete rebuild of the site was necessary.
I guess it was inevitable that Hackers would choose to start attacking WordPress because of it’s popularity but I wasn’t prepared for the vindictive way of doing so. I would expect them to change our passwords maybe or install a virus. These are predictable, but I didn’t expect them to wipe all our backups away! Causing us to have to rebuild the site from scratch. This was just plain mean! Not to mention costly to my client.
Here’s a link to steps on how to stop hackers on your WordPress site by WordPress themselves.
After stepping through this for my client and implementing it on several other sites I have put together some options for getting your sites safe as well.
Hope this helps.