Hi,
Our blog crashed some days ago. When i started to check these problems , i realised some strange codes on plugins and system codes also one folder named downloads in main directory which is not supposed to exist.
Main directory download folder list: http://prntscr.com/4gnuxq
Example of strange codes begining on the system php files: http://pastebin.com/R1EsbuTA
We have found several php codes under upload directory. Some examples:
http://pastebin.com/i5g36JFH
http://pastebin.com/BuR8JBbA
After exploit attack happend, We reinstall wordpress with new version and plugins. It seems like working fine now.
This document says to install a plugin for exploit attacks. I installed "Exploit Scanner" plugin.
Is there a another solutions for our blog security?