Hacked! Now What?

Earlier in the week a couple of friends were nice enough to let me know that Google was reporting that my site contained malware. Unfortunately, when I investigated it appeared that malicious code had found its way onto my site.

Fortunately I take regular backups, and the easiest fix was to restore the WordPress files from a backup (after, of course, confirming that the backup was malware-free). My database was not impacted, so I did not have to restore it.
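"Confirming that the backup was malware-free" is the step that is easy to skip and hard to do by eye, so here is an added example of how I would triage a WordPress tree before restoring it. This is my own illustration, not the author's code or anything shipped with WordPress: it greps every PHP file for the obfuscation markers typical of injected code (eval of a base64/gzinflate blob, the old preg_replace /e trick, includes from a remote URL, a superglobal used as a function name, very long base64 literals) and compares file hashes against a copy you trust, such as an older backup or a fresh download of the same WordPress version. The pattern list and the sample files are constructed for the demo; a hit is a lead to review by hand, not proof of compromise.

```python
"""Triage a WordPress file tree for injected PHP before restoring it.

Added example, not code from the original post.  Two checks:
  1. scan each PHP file for injection/obfuscation markers;
  2. hash every file and compare with a manifest built from a trusted copy.
"""
import hashlib
import os
import re
import tempfile

# Constructed list of markers commonly seen in injected PHP.  Some legitimate
# plugins use base64_decode, so treat each hit as something to read, not as proof.
SUSPICIOUS_PATTERNS = {
    "eval-of-decoded-blob": re.compile(
        r"eval\s*\(\s*(base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I),
    "preg_replace-e-modifier": re.compile(
        r"preg_replace\s*\(\s*['\"]/.*?/[a-zA-Z]*e[a-zA-Z]*['\"]"),
    "remote-include": re.compile(
        r"(include|require)(_once)?\s*\(?\s*['\"]https?://", re.I),
    "dynamic-function-call-from-request": re.compile(
        r"\$_(GET|POST|REQUEST|COOKIE)\s*\[[^\]]+\]\s*\("),
    "long-base64-literal": re.compile(r"['\"][A-Za-z0-9+/=]{200,}['\"]"),
}


def scan_php_source(text):
    """Return the names of every suspicious pattern that matches `text`."""
    return [name for name, rx in SUSPICIOUS_PATTERNS.items() if rx.search(text)]


def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root):
    """Map relative path (with '/' separators) -> sha256 for the trusted copy."""
    manifest = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            manifest[os.path.relpath(full, root).replace(os.sep, "/")] = sha256_of(full)
    return manifest


def audit_tree(root, trusted_manifest=None):
    """Walk `root` and return {relative path: [findings]} for files worth a look.

    Findings are pattern names from scan_php_source plus 'hash-mismatch' (file
    differs from the trusted copy) or 'not-in-trusted-copy' (file was added).
    A file byte-identical to the trusted copy is skipped without scanning.
    """
    findings = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            hits = []
            if trusted_manifest is not None:
                expected = trusted_manifest.get(rel)
                if expected is None:
                    hits.append("not-in-trusted-copy")
                elif expected == sha256_of(full):
                    continue  # identical to a trusted file: nothing to review
                else:
                    hits.append("hash-mismatch")
            if name.lower().endswith((".php", ".phtml", ".inc")):
                with open(full, encoding="utf-8", errors="replace") as f:
                    hits.extend(scan_php_source(f.read()))
            if hits:
                findings[rel] = hits
    return findings


# Constructed sample files (not real malware): a clean config-style file, the
# same file with an injected eval() appended, and a dropped-in one-line shell.
CLEAN_PHP = "<?php\n// wp-config style file\ndefine('DB_NAME', 'blog');\n"
INJECTED_PHP = CLEAN_PHP + "<?php eval(base64_decode('aGVsbG8=')); ?>\n"
DROPPER_PHP = "<?php $_POST['c']($_POST['a']); ?>\n"


def demo():
    """Build a trusted tree and a tampered 'backup' tree, then audit the backup."""
    with tempfile.TemporaryDirectory() as trusted, tempfile.TemporaryDirectory() as backup:
        for root, tampered in ((trusted, False), (backup, True)):
            os.makedirs(os.path.join(root, "wp-content"))
            with open(os.path.join(root, "wp-config.php"), "w") as f:
                f.write(INJECTED_PHP if tampered else CLEAN_PHP)
            with open(os.path.join(root, "wp-content", "index.php"), "w") as f:
                f.write("<?php // Silence is golden.\n")
        with open(os.path.join(backup, "wp-content", "cache.php"), "w") as f:
            f.write(DROPPER_PHP)
        return audit_tree(backup, build_manifest(trusted))


if __name__ == "__main__":
    for path, hits in sorted(demo().items()):
        print(f"{path}: {', '.join(hits)}")
```

For the core files you do not need to keep your own trusted copy: WordPress publishes per-version checksums (WP-CLI's `wp core verify-checksums` uses them), so the hash comparison above is most valuable for wp-content, where themes, plugins and uploads live and where dropped-in files like the `cache.php` in the demo tend to hide.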

I am still trying to determine how the malicious code found its way in. I am careful with my site: I use secure SSH and WordPress passwords, and the only WordPress plugins I use are well known and trusted, but I would like to solve this mystery.

In the meantime, some lessons learned (or reinforced) and action items:

  • Backups, backups, backups: make sure they are running and TESTED
  • I changed all my passwords related to my blog, including my Dreamhost account password, my SSH account password, and my WordPress password
  • I changed my WordPress.com password, since the account is linked to my blog via JetPack
  • I changed my database password, even though it did not appear to have been compromised
  • After the cleanup was complete, I submitted my site to Google for review and removal of the malware flag, which fortunately they were quick to do
  • I am following up with Dreamhost to see if they had any known breach, though they are generally 100% transparent on the rare occasions they experience any hardware or software issues

Thanks to having working backups this was not a big deal, but I would like to figure out how the malware found its way in and what I can do to better protect myself in the future.

Has your site ever been hacked? Did I miss anything in my cleanup? Have any suggestions to better protect my site? Please share them in the comments below.

2 Responses to Hacked! Now What?
  1. David
    October 24, 2012 | 10:20 am

    Don’t you know you should always wash your hands after going to strange websites?

  2. Eric
    October 24, 2012 | 5:11 pm

    I gather you’ve ensured your local PC is clean, but that said, are credentials saved in your SSH client? I once had local malware exploit the saved credentials in the Filezilla FTP client in order to inject HTML on web pages in the related account.