Hack help

If you kept backups: the easiest, cheapest and least time-consuming approach is to wipe out the entire WP installation and rebuild from the most recent unaffected backup. After WP reinstallation you'll have to immediately update all the plugins, themes and WordPress core to their latest versions.

If reinstalling WP doesn't fix the issue you'll have reinstall the entire server OS (likely some sort of Linux) as well. Unless you have the know-how, time and patience to fix the issue without reinstallation.

If you didn't keep backups: you've just committed the gravest of IT sins, let this be a lesson. Get ready for putting in some long hours into this, especially if you don't know what you're doing.

1) If you're lucky, the attacker is a script kiddie who just used an automated tool that scans websites then breaks into vulnerable or out of date plugins/themes/WP. There are some security plugins that can scan for and remedy such things. They are iThemes Security Pro and Sucuri. They are NOT free, so you'll have to throw down some money. There might be free analogues out there, you'll have to do your own research on that though. At the very least use the free Sucuri website scan, so you know what you're dealing with. If you don't have the budget, save what content you can and reinstall WordPress from scratch.

2) If you're not so lucky and the attacker is any good, they likely installed a backdoor after breaking into WordPress and possibly messed with the server OS itself. If you don't have any sort of competency in server security and/or administration then best approach is to wipe out the entire OS and start from scratch. This problem could be exacerbated and next to impossible to fix if you use shared hosting.

First, assume that situation 1 is true and do everything to remedy that. If it doesn't help, you know you have situation number 2 on your hands.

Good luck.

/r/Wordpress Thread