Discovering your site has been hacked is one of the worse things I've ever had to endure in terms of running this site. There's been a real spate of Wordpress blogs being hacked and it's easy to get your head in an 'I won't happen to me' state of mind. For me, it was a case that malicious code was inserted into my WordPress blog database which resulted in users of the site getting endless redirects and popups all telling them they had won an iPad!
Once you know something is wrong with your site a sort of PANIC STATE kicks in! People that don't run blogs may think that's a bit of an overreaction but when you see something you have poured your heart and soul into for 3+ years and earns you money be held to ransom and even though you might be quite technical you can't figure out how to fix it and feel helpless.
The first thing people usually do once they realise their site has been hacked is contact their hosting provider and see what assistance they can offer. The first issue I actually had at this point was that my provider couldn't see the problem! Why? Because they had adblocker turned on on their PCs so they didn't see all the popups that were appearing so I wasted yet more time getting them to see the actual problem.
A typical 'fix' that hosting companies do when a site has been attacked is to roll it back to an earlier day before the attack happened. This would be fine it rollbacks typically involve everything BUT the database which is where a lot of the malicious code ends up getting inserted. So as the site is rolled back the database stays the same and carries on being infected so it doesn't fix the issue.
It's usually at that point that unless you have a hosting provider who is very skilled in the world of security that they will tell you to go and seek the advice of a security firm.
Now you might at this point try and see if there are any FREE security tools you can use to check for viruses and malware on your site however the problem you are going to have as we mentioned earlier is that those programs won't be able to detect malicious code in your WordPress database and it's at this point that you need to put your hands up and contact the professionals which is exactly what I did when it happened to me.
There reaches a point where you realise you are just wasting time trying to fix something neither you nor your hosting provider can do and the longer your site is infected the more damage it is doing not only financially but also if Google end up blacklisting your site due to infection it could have a real knock-on effect in terms of ongoing and future business you may have.
How I got my blog cleaned from malicious code in under 3 hours.
The company I used are called SiteGuarding and they offer an amazing MALWARE REMOVAL SERVICE where they will remove viruses / malware / malicious code injected into your database etc within 1-3 hours. The cost for that service is currently around £94 (there is a within 24hrssolution for around £42) which may be quite an investment for anyone running any kind of blog for a hobby however you are paying a professional company who specialises is nothing BUT the security of websites to deal with it AND THEY WILL
After I had bought their service we chatted on LiveChat and they went about getting the job done. So a situation that started around 1pm and was a complete nightmare was all resolved by 4pm! Once they have cleaned and fixed your website they will monitor it for 14 days for any changes that might take place that would cause them any concern. This covers thing like unwanted files or attempts to login to your Wordpress admin panel and much more.
I was so impressed with the service they provided that I wanted them to carry on protecting my website and I came to the realisation that it's no different than using an alarm system to protect your home. I've signed up to their PREMIUM cover which is only about £16 a month but offers ongoing cover and monitoring of your website and if the worst should happen they will fix it within 3-6 hours. The huge level of comfort this brings whereby you know that if your site does get infected you don't have to do anything about it as you know SiteGuarding will take care of everything for you and clean your entire site and database.
Even if your site hasn't been hacked yet I can't recommend using a service of some kind to prevent it from ever happening because as they always say prevention of better than the cure. With the amount of time and effort we all spend on our sites it's worth having some good security in place around it to prevent it ever being hacked!