Recently I was invited to fix a hacked WordPress site that started displaying a Google warning page as someone visits them. The thing is, the website was hacked for a couple of years, but they did not do anything out of fear of losing all data.
I had volunteered my Friday afternoons with the NGO and after helping out for sometime, we finally managed to have lunch as a team. Midway through lunch, they found out I was working on some WordPress products and told me their problem. And I thought it would be easy.
After lunch, I popped by the office and after a while, FTP-ed into their backend. The hack was massive. Here are the steps I took to fixed the hacked WordPress site.