Guys this is too frustrating, my Wordpress website has been hacked twice and on both occasions I think they are trying to extort me.... the first time I deleted this index file he placed there and then the site was back to normal. I upgraded to the latest version of Wordpress and changed my password.
Then I realized I was hacked a month later. The support people keep saying that I must update my password regularly to protect my domain but this has never happened on any other webhost, like GoDaddy.
Please help me out here guys what do I do...what are the best practices to stop this from happening again?
Personally I deleted unused aspects of Wordpress in my installation.(not disabled, deleted) I then disabled anything that wasn't used and non-essential. I've never had problems in years of use. I'm a coder so this is a lot easier for me to say but the point being that limiting access seemed to work for me.
BTW, don't confuse WordPress hacks with hacked servers. There are some hosts that are literally infested with sites hacked with hidden links that appears to be a hosting problem, not a WordPress problem.
If you've had this issue you should use Google to see what people are saying about your host as I know a few that are severely infested.
One team member isn't nearly enough to validate code for security
Bill I'll have to admit I don't know exactly what the mod validation process is. I do know the guidelines set down are pretty strict to help prevent exploits from creeping in to begin with. It's my understanding the ones that do get rejected are usually because they don't follow the guidelines. There's a team of about 8 mod validators and only about 150 have been validated since about this time last year. They just added some "junior validators" to pre screen mods to help speed up the process.