Hacked Wordpress sites - Additional help

Hey Josh - sorry to hear about your malware issues on WordPress!

I work with a community support department for a hosting company and we very often get involved in reviewing WordPress sites that have been hacked. The last one I reviewed was hacked through the theme. While I don't recommend a SINGLE solution, this one is very good in that it reviews ALL of themes that you have loaded and will note if one is showing up as hacked:

http://wordpress.org/extend/plugins/tac/

Other than that, if you don't trust the plugins, as long as you have access to your WordPress Admin dashboard, you can always go in and change themes to make sure it's not the source of the issue.

Finally, a very common hack that you might see is an .htaccess injection. Common examples of hacks in this file are additions of redirects (normally to a bad site) and base64 code (which are typically redirects). You can find a lot of information about this common hack here:

http://wordpress.org/tags/htaccess-redirect

If you want to see what a normal htaccess entry for WordPress, look here (it's a forum post in Wordpress, but it shows the correct default Wordpress htaccess):

http://wordpress.org/support/topic/i-destroyed-my-site-default-htaccess

Remember to make a BACKUP if you're not familiar with making changes to ANY of your configuration files. That way, if you do make change and it's not a good one, then you can revert back.

Finally, you mentioned SITES - instead of a singular WordPress site. From experience, I can tell you that sometimes there may be a single compromised site that can lead to your others becoming infected (especially if you're on shared hosting). Make sure that you enforce the cycling of the Admin and user passwords when you have a hack issue. For that matter - make sure you cycle ALL of your account passwords. It just good practice and should be a necessity when security issues are the issue.

I hope this helps you with your malware issue!

-Arnel C.