Back to Normal
Details of the wp-hack (for anyone who cares):
Seems to have been attempting to masquerade as the commonly used wp-cache plugin files. Thing is, I don’t use that plugin!
Telltale odd files in the content directory.
- advanced-cache file looks like link but is a dubious symlink
- wp-cache-config file seems dubious
- dodgy additions to plugin directory (false wp-cache folder)
- hacked config file: removed false ‘WP-CACHE’ declaration near database name declaration line
- the only corrupted file in the theme was the index file thankfully, so a password reset was all that was left to regain site control
Following handy http://www.solostream.com/blog/tutorials/how-to-fix-your-wordpress-site-if-it-gets-hacked-part-one/ I was able to restore site functionality. I hope I have secured the site against a repeat, by changing passwords and strengthening permissions on the config file, but will need to make sure of this! Some help from http://ocaoimh.ie/2008/06/08/did-your-wordpress-site-get-hacked/
Service resumed as normal! Bed time…