We’ve all been there.

You find some blog posts on your site that you didn’t publish. Or you get an email from your host telling you your site is sending out spam email. Or maybe you were just browsing your site and you found a file that doesn’t look quite right.

In this talk, we’ll cover everything from the basic steps to take (changing passwords, locking down your theme, and enforcing proper file permissions) to finding the affected portions of your site (checking core, theme, and plugin files against WP.org versions) and removing the malicious code. We’ll also touch on general security practices that can prevent breaches in the future.