Complete strangers have gotten into my blog and started posting under the usernames "kolvalsky09" and "kramalooma25." They have not, redirected the site's urls however. I've considered using iPage's own site-cleaning service, but the cost is too high. What should I do?
I've read instructions on this subject, which I found here at FAQ My Site Was Hacked and some of the linked posts. I've changed the password both on iPage and on WordPress, as well as the secret key. Now I'm not sure what to do. I know that I should update my version of WordPress, but beyond that I'm not sure.
I do not have any pre-hack files of my SQL databases. iPage's "Backups and Restore" tool explicitly says "You will not be able to use this tool to automatically restore SQL databases." I have a few other questions:
1. Would it be too complicated just to copy the html code of my posts, delete everything, and then start building over again by pasting the posts to their respective days?
2. Are the hackers' codes usually hidden in the posts themselves or in the themes?
3. Just how useful is the "Backups and Restore" tool anyway?
The blog I need help with is www.benandlarryincumberland.com.