Whilst everyone is (unnecessarily?) freaking out about WordPress security, here is a quick security fix that will help secure a hacked Website.
- On your Webhost, open wp-config.php in a text editor using FTP (or your file manager if you’re using Cpanel).
- Add the following to the end of the file:
- Save the changes to wp-config.php back to the Webhost.
What the above does is remove the ability to edit Theme or Plugin files when logged into WordPress (the security precaution being addressed with this fix is that a hacker may gain access to the editor and insert malware into such core WordPress files as header.php or footer.php).
Of course prevention is better than cure so please make sure you are using a very strong password in addition to a unique username (i.e. not admin, Admin or root).