Thanks, Hannah! It did!
You were right on both counts- not DNS & not the host. Our themes were somehow deleted- *all* of them. And by “somehow” I mean that it appears we were hacked through one of our plug-ins, specifically SweetCaptcha. I do have to give them credit for the irony of hacking in through a spam-catcher.
Our host figured that the theme we used was gone. Once I reinstalled it, the site was mostly fine. There were a couple of things I had to fix, but no big deal. Then one of our users emailed me to tell me spam banners were popping up (& thoughtfully included the javascript that brought it up). I didn’t see them because Chrome was blocking them but once I found where the code was hiding, it was curiously sandwiched between two bits of SweetCaptcha. Nuked it from orbit & now everything’s copacetic again.
Do you happen to know if there’s some way I can report to WP that the plug-in has been hacked so other people using it know?
