At some point in the next couple of weeks (basically when I can afford to blow an entire day or two on it), I’ll be nuking the website and redoing it.
Despite changing all my passwords, there are still problems. I found several files with malicious code, which I deleted, but it keeps regenerating–which means there are other files somewhere I haven’t found, and since I’m a newbie, the odds of me fixing all this on my own are pretty much impossible.
(Yes, I have Wordfence; yes, I know the free version scans for things; no, it’s not working with this–I found backdoor on my own.)
I’m not about to drop a couple hundred dollars on hiring help to fix it–I’ll nuke everything, build a new database, and reinstall. I’ve tried to export everything that I need so I’m hoping I’ll have all my old posts and pages, but any time I’ve done website imports/exports, it never turns out entirely right.
I’ll still give it one more go in case I can find more problems on my own. This is just an FYI in case the site is down for several days.
Wish me luck!
ETA: of course I might be jinxing myself here, but after a few more hours today, I think I’ve got things fixed. I’ll wait a day and see if any problems recur (and run some more scans). If it’s worked, I’ll restore the “subscribe to blog” things (I had disabled them to limit the amount of emails sent by hack triggers) and hopefully we’ll be good to go.
I’m going to have to remove and redo my faq section because that plugin was abandoned and presents a security flaw, but that’s far less to do than I’d anticipated.