Here are some tips on securing your Word Press install after a hacking incident:
- Remove the hack completely first and foremost
- Change the admin area password and any admin accounts, use a computer that is clean of viruses
- Change the cPanel password from a secure computer
- Change the database password for WordPress
- Ensure there are no additional FTP accounts setup, or change their passwords.
- Check the WordPress plugins that they are up to date, any plugin unused must be removed. Any plugin that is outdated or no longer supported must be removed (this is important as many hacks occur through the plugins).
- Keep your WordPress and plugins up to date.
- Check if the theme itself was hacked, if it was then you need to change the site theme
For cleanup:
http://sitecheck2.sucuri.net/results/www.mvc.on.ca
http://codegarage.com/hack-cleanup/
Hardening WP: http://codex.wordpress.org/Hardening_WordPress
BulletProof security: http://wordpress.org/extend/plugins/bulletproof-security/
