My wordpress is hacked for the second time now, the first i notice is because the hacked sending me email notification and asked me to examine why my wordpress can be hacked by him. but because i could not find out, i just recover my website manually, in a way i installed it (wordpress standard installation).
the second attack happened just now, yah now sure when it happened but, yesterday when i tried to enter the login username, my wordpress did not respond well, and when i ask for forget password, it gave me new username, and i just realized that my website have been hacked again.
untill now i do not take time to look for the reason why it can be hacked i once again recover my website, doing non preventive steps such as :
1. back up database
database is where you save all your post in wordpress. you can open your phpmyadmin and choose export menu, or go to your control panel and choose database wizard, which will give you an option to backup your database. but becarefull dont backup all database, because it may also backup the hacked table. im not sure whether its right or wrong but make sure you backup what you need such as your posts. or if you dont want to use database you can use wordpress export tool, which will give you xml file that can be use to recover all your post. you can read the step by step in my post How to backup our wordpress data
2. delete old files
some sites suggest us to use good plugins because some attack can be addressed into our plugins or other part of our files. so to make sure we dont leave same hole in our website. we can delete our old files.
3. set up new updated wordpress and plugins
Make sure to setup new updated wordpress and plugins when you install new site. use strong password and uniq username. updated version of wordpress and plugins can minimize your chance to get the attack. for the example of the plugin i use right now, you can read it in my post How to strengthen your wordpress : plugins to secure wordpress
4. use security plugins
u can try to use security plugins but im not sure about this, since in my first time use the plugins my site still get the attack and i have to consider other options actually. but it my help you to strengthen the security on your website. for the example of the plugin i use right now, you can read it in my post How to strengthen your wordpress : plugins to secure wordpress
5. modify htaccess
some site suggest us to modify our htaccess files, you can see the example here
http://httpd.apache.org/docs/current/mod/mod_rewrite.html
6. File permission
make sure you set the right file permission on all your files and folder, you can read about it here, File Permission on UNIX/Linux or here http://codex.wordpress.org/Hardening_WordPress#File_Permissions
7. Save your wp-content/uploads folder
uploads folder contains all images or other file you have upload to your wordpress and the file that you have used in your post. so when you just save your database, you will get error in every image file you use in your post. in order to save those and make it right you have to copy your uploads folder to your new wordpress installation. you also need to modify your permalink into the one that you have used in your previous website. to read about it How to edit wordpress permalink
Those are my step by step to recover my wordpress after being hacked, you can try to use it to but it is better if you consider other options such as trying to attack you own site to examine the possible cause and fix it. but im no good in this hacking actions so i havent try to do it yet.