Recently we’ve seen an increase in attempts to exploit WordPress installations. This means it is very important to make sure your WordPress script and any plugins are kept up to date.
If your site has already been exploited, you can make use of the excellent WordPress Exploit Scanner plugin to determine where the malicious script is located.
Another step that you can take is to make sure that your file and directory permissions are locked down. The WordPress codex has a detailed writeup on permissions as well as a more general security writeup.
In addition, if you are running a WordPress install on the Laughing Squid Cloud, the Cloud infrastructure allows you to lock permissions down even further without impacting the functionality of your site. On the Cloud, file permissions may be changed to 600 and directory permissions to 700.
As always, if you have any questions about any of this information or if you believe your site may have been compromised, please open a support ticket and we will address your concerns directly.