1. Use good antivirus programs on all PCs that you use to connect to your website for control panel and FTP.

2. Keep WordPress and all other applications updated to their latest versions.

3. Use uncrackable passwords like yU*1$phN6WoD

4. If you write your own PHP code, learn how to code properly to prevent Remote File Inclusion and SQL Injection.

5. On nonencrypted wifi networks, only access your site's control panel using HTTPS and only use SFTP for file transfers. If you can't do that, wait to do those activities until you have a more secure connection.

6. Before you use any CMS, template, plug-in, gadget, or script, research it for reported security problems. If it has unfixed security problems, just don't use it.

7. In php.ini or .htaccess, make sure the PHP values register_globals and allow_url_fopen (or at least allow_url_include) are all set to Off.

Hi,

I am also having the same issue.somebody have uploaded b374k control panel in to my server.I also found shell script files with names "bcc" with full permission and "shell". Can anyone tell me how hackers uploading this file to my server without ftp credentials.

Welcome to WebmasterWorld lavyjohn.

Check your logs. That is your paper trail. Start there, work your way back.