09-19-2019, 01:54 PM
These things are pretty common these days. This often happens to web hosting and other service providers too. Some don't even notice it and some don't say anything not to lose customers. This even happened to Godaddy years back when I was using them. There was a server-wide massive SQL injection attack which infected not just SQL servers plus HTML injection. We had to download everything and clean files by our selves. At least it was only a server attack, not client data and card details.
I don't agree with @sohamb03 about most of the free themes and plugins have Trojans etc. At least those themes and plugins in WP repository are pretty good and thoroughly checked. Security problems happen when people don't update themes are plugins regularly or using outdated plugins/themes etc. Some get just brute-forced because of using silly passwords. Plus you need to be careful when you use those themes or plugins which are not in Wordpress repository. I have used Wordpress in 100's of sites in the last 10 years and only time I had a problem is that Godaddy mess. Even that has nothing to do with my security stuff.
I don't agree with @sohamb03 about most of the free themes and plugins have Trojans etc. At least those themes and plugins in WP repository are pretty good and thoroughly checked. Security problems happen when people don't update themes are plugins regularly or using outdated plugins/themes etc. Some get just brute-forced because of using silly passwords. Plus you need to be careful when you use those themes or plugins which are not in Wordpress repository. I have used Wordpress in 100's of sites in the last 10 years and only time I had a problem is that Godaddy mess. Even that has nothing to do with my security stuff.