Hello community and computer experts!
I would describe myself as an experienced PC user, never visit malicious sites, almost rarely download stuff and if I do, only from secure sites and so on. I host a few websites for myself (self-hosted Wordpress) and today was the second time in 2014 that one of my sites got "hacked".
1. There were 3 PHP-files in the root directory (named like z6ag5azy.php) which Google automatically detected as malware and sent me a mail to check my site. I instantly removed the files and everything is fine again.
2. The second incident happened a few months ago and was different from the one today. Someone put a script in my header.php - my hosting system automatically detected and removed it.
I'm not asking for specific help for the 2 hacks, it's all fixed now. But I need help to find my flaw, because I don't want this to happen again. Here's a list of things that come to my mind:
- I use Skype and have many contacts. Could that be a problem?
- Antivir and everything is installed, my PC seems 100% fine. Never had issues with malware or stuff on my computer.
- My website (Wordpress) install was one update (3.9 instead of 4.0) behind. I immediately updated now.
- I use FileZilla for uploading the files onto my webserver.
- I pay alot for hosting my website, I don't think it has something to do with their server security.
What do you think seems most plausible, how could those 2 hacks on my website happen? The thing I ask myself is, if the hacker had access to my whole webserver, why did he only upload and change those 3 files at the one website? No other projects/directories were touched.
Every help is appreciated!