Fix hacks on websites

100% trustworthy contractor needed to clean up my 12 Wordpress websites which are still working, but have been hacked a number of times in past month and we need to identify and fix the source of the hack to prevent further problems. I need a good tech person so if this works out well, I will use you for other similar work as the need arises. Please note: all sites are using latest WP version, all plugins are active and up to date. Have strong passwords. 1) Update all pre-packaged web software to the most recent versions available from the vendor. The following site can help you determine if you're running a vulnerable version: [login to view URL] TimThumb (v1.09) : /home/[will supply]/[login to view URL] (OUTDATED!) (full list will be supplied) - WordPress installations need to be updated to version 3.5.1 or later. - TimThumb comes as part of certain WordPress plugins. Versions prior to 2.4 are vulnerable. After a hack you should remove all themes/plugins and reinstall the ones you need from fresh/clean downloads via a trusted source. Make sure any themes that you reinstall have an updated version of TimThumb, if applicable. - Any old/outdated/archive installations that you do not intend to maintain need to be deleted from the server. You should check any other domains (if applicable) for vulnerable software as well, as one domain being exploited could result in all domains under that user being exploited due to the shared permissions and home directory. The following softwares are likely fine, but you should still perform the remaining items on them just-in-case: WordPress (v3.5.1) : /home/[will supply]/[login to view URL] (Up-to-date.) (full list will be supplied) 2) Remove ALL third-party plugins/themes/templates/components after upgrading your software installations, and from those that are already upgraded under an infected user. After everything is removed, reinstall only the ones you need from fresh/clean downloads via a trusted source. These files typically persist through a version upgrade and can carry hacked code with them. Also, many software packages come with loads of extra content you don't actually use and make searching for malicious content even harder. 3) Review other suspicious files under affected users/domains for potential malicious injections or hacker shells. Eyeballing your directories for strangely named files, and reviewing recently-modified files can help. The following shell command will search for files modified within the last 3 days, except for files within your Maildir and logs directories. You can change the number to change the number of days, and add additional grep exception pipes as well to fine-tune your search (for example if you're getting a lot of CMS cache results that are cluttering the output). find . -type f -mtime -3 | grep -v "/Maildir/" | grep -v "/logs/" Likely hacked code / hacker shells that we could not automatically clean were found under [my hosting account] here: /home/[will supply]/[login to view URL] full list will be supplied - 154 infected files, they say For information specific to WordPress hacks please see: [login to view URL] More information on this topic is available at the following URL under the "CGI Hack" and "Cleaning Up" sections: [login to view URL] I will need to know the problem you find and how it was fixed (not in detail).