I was visiting a website I created in WordPress. When I went to www.mywebsite.com
"your site may be victim of hackers we offer a solution can contact us firstname.lastname@example.org
after downloading the site files, I see that index.php has been physically changed to include this code at the very top:
alert('your site may be victim of hackers we offer a solution can contact us email@example.com
I removed it and the site is back to normal.
What I'm wondering is, how can someone write to index.php? Are there security settings I should've been aware of?
I'm using a theme I made - only the second one I've ever done, but I don't know how that would open up WordPress to a hacker.
No other sites on my server seem to be affected (including WordPress sites).
Any suggestions on things I can do to make sure this hack doesn't happen again? I'm sure it will...