• I have five sites on my hosting account. All the sites have different admin/passwords and all the databases have different passwords. All five sites suffered a SQL injection, but what’s the point? EVERY page/post had code similar to the following injected at the end:

    <a style="text-decoration:none" href="/diovan-online-paypal-bezahlen">.</a>

    As you can see, it creates a nearly invisible relative link. The link obviously doesn’t go anywhere, so what’s the point of this attack?

Viewing 4 replies - 1 through 4 (of 4 total)
  • Thread Starter osu9400

    (@osu9400)

    In case someone suffers the same thing and needs a cleaning method, I did the following. Note this cleans the database but doesn’t address any file infection or security holes.

    1. Exported my database to a .sql file but selected the DROP TABLE option
    2. Made a backup of the .sql file
    3. Opened the backup file in Word (yes, Word works for this since the sql file is really a txt file).
    4. Did a find & replace using the “use wildcards” option with the following find string
    \<a style="text-decoration:none" href="/*"\>.\</a\>
    5. Saved the file back to a sql/txt file
    6. Imported the new file back to the database
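
The find-and-replace from steps 4 and 5, done with a script instead of Word, as an added example that is not part of the original post. The function name and the second sample slug are constructed; the optional backslashes in the pattern are an assumption that covers export tools which escape double quotes.

```python
import re

# Matches the injected anchor described in the thread: an <a> styled with
# text-decoration:none, a site-relative href, and "." as its only text.
# \\? before each quote also matches dumps that escape double quotes (\").
INJECTED_LINK = re.compile(
    r'<a style=\\?"text-decoration:none\\?" '
    r'href=\\?"(/[^"\\<>\s]*)\\?">\.</a>'
)


def strip_injected_links(sql_text):
    """Return (cleaned_text, removed_hrefs) for a SQL dump held in memory."""
    removed = []

    def _drop(match):
        removed.append(match.group(1))  # keep the href for later review
        return ""

    cleaned = INJECTED_LINK.sub(_drop, sql_text)
    return cleaned, removed


# Constructed sample rows (not taken from a real dump).
SAMPLE_DUMP = (
    "DROP TABLE IF EXISTS `wp_posts`;\n"
    "INSERT INTO `wp_posts` VALUES (1,'Hello <a href=\"/about\">about</a>"
    "<a style=\"text-decoration:none\" href=\"/diovan-online-paypal-bezahlen\">.</a>');\n"
    "INSERT INTO `wp_posts` VALUES (2,'Bye"
    "<a style=\\\"text-decoration:none\\\" href=\\\"/constructed-spam-slug\\\">.</a>');\n"
)

if __name__ == "__main__":
    cleaned, removed = strip_injected_links(SAMPLE_DUMP)
    print(f"removed {len(removed)} injected link(s):")
    for href in sorted(set(removed)):
        print("  ", href)
    print(cleaned)
```

Review the list of removed hrefs before importing the cleaned dump, since links that differ from this pattern are left in place. WordPress stores some option and meta values as PHP-serialized strings with length prefixes, so a match inside one of those needs its length fixed as well.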

    Thread Starter osu9400

    (@osu9400)

    More info on my hack. I noticed that changes to my .htaccess file were being lost every day, so I knew something wasn’t right. I found the following file had been modified: wp-includes/nav-menu.php. How did I find this? I downloaded my entire public_html folder and did a content search on CHMOD and base64_decode statements. While these aren’t necessarily bad commands, they are clues to infections. After comparison to virgin files from www.ads-software.com, it was obvious my files were modified. Since I had a backup of my html folder, I renamed the server copy of WP-INCLUDES and WP-ADMIN to OLD-WP-INCLUDES and OLD-WP-ADMIN (yes, this broke my site), but I then copied fresh copies from www.ads-software.com to my site. This is a little brute force, but it worked.

    BTW, Windows doesn’t index PHP files by default. You have to go to index options > advanced to include these files in the index. This allowed me to search the content.

    Try installing this plugin and running a scan: https://www.wordfence.com/#get-plugin

    Moderator t-p

    (@t-p)

    Carefully follow this guide. When you’re done, you may want to implement some (if not all) of the recommended security measures.

  • The topic ‘Got hacked, but what's the point?’ is closed to new replies.