Hello everyone, I'm really hoping someone can help me.
I run a WordPress website that was hacked yesterday. My theme uses phpThumb, which is apparently very insecure. Someone used this insecurity to put random files on my website. I think their intention was to use my server to send out spam emails.
Very early yesterday morning, I was looking at my Google Analytics and noticed someone had accessed this page twice:
/wp-content/themes/my_theme/scripts/phpThumb/properties/index.htm. Of course I thought this was strange, but I really don't know a lot about web development. It was 2 am at this point and I was exhausted so I decided to look at it again in the morning.
By 9:20 am, I received an email from my hosting company (1&1) telling me my site had been hacked and listing the malicious files. I immediately deleted these files, and I deleted phpThumb and uploaded the newest version, which is supposed to be more secure. I looked at the other files in my site but I didn't notice anything else suspicious (though I admit I know very little about this stuff). I then changed my admin password.
My site is completely unchanged. No new content, no new users, etc. However, I realize that doesn't mean that there's not something wrong with it. This morning I looked at Google Analytics again and noticed that someone has accessed that same page 3 times already. I cannot actually find that index.htm file anywhere.
I really don't know what to do and don't have anyone that can help me. phpThumb is necessary for my theme. Without it, my homepage just displays a bunch of broken links. I worked for weeks on this theme; I really can't change it. This is not just a hobby site; this is for my job. My boss doesn't know about the hack yet. Is there anything I can do?