Have you had WordPress hacked? I sure did, same site, way too many times. Very, very frustrating. Each time, they used the site as a mailing system and sent out some rather nasty emails, all from fictitious people supposedly from my domain. All of it bogus. Since this site shares the same ip address as other sites I have that DO send email, I was getting blacklisted too and it was affecting other sites on that same server.
Here’s a few tips, first, check your spam buckets often. You’ll see returned email that never made it. A lot of them since nobody wants this kind of email anyway. But you need to make sure you server is set where there’s some kind of limit on the amount of email being sent out each hour. That’s in your WHM on your server. If you don’t have access to that or know what I mean, you’ll need to contact your service provider or hosting service and ask them to do this. If you set your mail limit to say 150 per hour, then these hacker emails will almost always exceed that. When that happens, you’ll start getting emails from the server saying you’ve exceeded that limit and it will tell you exactly what file was causing it. In the site I had trouble with, every time, it was different files and different spots. In this way, even if you do get hacked, you’ll know pretty quickly and can shut them down fast and be able to tell which file is the problem.
Then change all your passwords, not just the cpanel, but all your ftp accounts. make sure if you have an alternate ftp account you created manually other than the default that you also change it. Use a long, crazy password. Login and change the wordpress password, make sure all your plugins, themses, etc are updated. Delete all the plugins, themese, ect you are not using.
Then watch closely to make sure you don’t get wordpress hacked again.
Lastly, I installed a plugin called WordPress Defender or WP Security. http://wordpress.org/extend/plugins/wp-security-scan/
Do whatever it tells you to do and scan your system once in a while.
You can also use a site like
To scan your site, make sure it’s alright.
Last, but not least, make a backup of the database, delete he whole dang thing, reinstall wordpress from scratch and then restore your backup. Make sure you get all your graphics first.
There seems to be no way to make this never happen again but you can greatly reduce the liklihood and at least know as soon as possible and shut them down.
Hopefully they’ll get tired of you and find an easier target.
Here’s more on what you can do to Defend Yourself http://www.jamesstoneseo.com/2013/04/02/wordpress-defender-plugin/
By the way, if you have a site of your own and need some additional advertising that does as well as Google Adwords for a fraction of the cost, please take a look at Advertise Your Business Now