Hello there,
I hope that you already solved your problem and that you won’t need to read my comment. However if you still have this message:
Regarding the current attack: Can you find the word “Encyclopedia” in your database and in your code (by code I mean the entire code – to search you would have to ftp the code to your PC or use remote shell on your host) ? My guess is that it is most probably somewhere in your database. Using php my admin, have a look at the content of your tables and look for this word (maybe in wp options). One technique would be to export each table of you wp db in a text file and look for the text in the text file.
This is one of the techniques you can use to prepare for the next attack:
– save your content regularly using the export tool in wp admin (tools, export)
– save you team customization (folder wp-content/theme/ , in there, copy the folder corresponding to the theme you customized)
– note down your list of plugins
– note down your settings in settings, general
– note down the configuration of your widgets (appearance, widgets)
– install and configure a security plugin, like “Better WP security”
In case of attack, you can then either try to replace the hacked code with the saved code, but most probably you will have to :
– reinstall wordpress
– import the xml file you exported
– ftp the customized theme back
– re-configure the widgets and plugins
Hope it will help !! Please let me know if you need further help
Vincent
