My WordPress Website Has Been Hacked. Suggestions on How to Proceed?

I've been informed by a customer that my WordPress website has been hacked. Anybody have any suggestions on how to go about finding someone trustworthy and not too expensive to help get it cleaned?

https://sitecheck.sucuri.net/results/www.beetlebox.com.au

Thanks in advance.

Comments

  • +1

    Unfortunately this is a common theme with WordPress. A lot of the time it's left many versions out of date, plus all the plugins are left out of date.

    Honestly I'd go onto freelancer and post your job on there, add a budget you're willing to pay and then accept one of the recommended high rating bids.

    Generally will just need to update everything and remove malicious JS from the templates.

  • +1

    IMHO, it looks to me like someone has gotten hold of your admin password and included the malicious code through the WordPress CMS. As a first step, change your WordPress admin password to something super secure. Then perhaps you can go to those pages in WordPress admin and see if you can clear them out yourself. If you can't see the malicious code, try deleting the content of the pages and typing in the content again from scratch, as the malicious code may not show up in a rich text editor. There are only 6 pages to clean, so it doesn't look too bad.

  • +1

    Contact your host to see if they can restore your site.

  • Thanks for the comments everybody.

    Update is that I contacted my host first and asked them what they thought. They quickly had a look, and said that the WP version was very old, and therefore vulnerable to security breaches. They said that they recommend using Sucuri in cases like these. I had a look on Upwork (freelancer clone where I have an account), and checked out a few possibilities, but in the end, decided that Sucuri's basic plan was not too bad. $US 199 to clean it up, and monitor it for a year. They said that they didn't offer a one-off clean, since it is normal for sites to get reinfected quickly for a few weeks, until they really are able to get it finished off, but their Basic plan is about what it would cost to get a site one-off cleaned anyway. (Someone else quoted A$600.) I will have to remember to cancel it in 11 months' time, if I don't think it is good value.

    Finally I got my usual web guy to go through the site and update the platform, and also all of the plugins. Apparently in the newer version of WP, you can enable automatic updates for all of the small updates, and then you only have to manually do the major ones yourself.

    All of this stuff is happening at the moment, so hopefully in 24-48 hours, everything will be looking good.

    The website part of running a business is painful. You always feel like you're getting ripped off. The industry (development, design, SEO, malware protection etc.) is new, and therefore it's hard to tell a decent honest operator from a charlatan.

    Thanks again for your comments.
