20 Feb
2020
20 Feb
'20
9:39 p.m.
Andy said:
If it's only the database that's been fiddled with, I'd be wondering
about the security around phpmyadmin.
I'd also check they haven't played with the users.
If you don't need a dynamic site (e.g. for comments) it's well worth
using one of the 'make a static site out of this' plugins, then pointing
the webserver at the results, and only having the WP site live when
you're editing it.
Ian (not that one)
The low-life
had appended a <script> tag to this field on every
row.
Glad you got it sorted. Did you ever work out how they got access to your database?