I know that logic tells you to look at the areas where you can see the spam links. But with hacks, the focus really needs to be on finding the sources of the malware. When you find and correct the sources, those spammy links will go away.
When you said that you had cleaned all the files added, I assume that means you found and deleted files that should not have been in a WordPress installation, is that correct?
What about doing any server side scans? I suggest you install Wordfence. When you have the plugin installed, go to Wordfence > Options >Scans to include and check all the boxes in this section. Than run a scan and let the forum know what, if anything Wordfence finds.
Many thanks to Tara and wslade for coming back to me. It’s a relief ot know that this type of support is available.
Tara: The list of links was great. Having gone through every step in the ‘FAQ_my_site-was-hacked’ post the rogue code/spam links on my site disappeared at the point when I changed my secret keys. I am not sure why that should be the case but I am just pleased that the rogue code has now gone. I am now in the process of hardening wordpress.
wslade: Yes, that right, I did find and delete a range of files that should not have been in the WordPress installation. Having done this and a range of other things, I got my hosting provider to run a server scan and they gave me the all clear. I will, however, have a look at Wordfence as well.
Once again, many thanks to you both for coming to my aid. Let me know if there is anything else I should do/be aware of.
Great News! I’m glad you got your site back. You will probably want to find an article about cleaning the database before you consider the site completely malware free.
Wordfence is a very good plugin for ongoing security. I suggest you fully configure it and use it as security for your site. The help link provided for each option usually gives enough info to know what to enter for that option. If you have any questions about what to enter, come back here with your question.
I make full use of everything Wordfence has to offer except the performance boosting features. I already have a caching solution and I’m too lazy to look at what Wordfence offers.
Don’t forget to change every password using a strong, unique password. Build a back up plan if you don’t already have one. And enjoy blogging…
