Restricting access with .htaccess is a good idea; http://www.themepremium.com/wordpress-security-restrict-wp-c...
1. Backing up theme, making list of plugins installed
2. Inspecting theme for any hacks (difficult if you wrote your own)
3. Deleting _all_ files
4. Walking through the wp_options table for any leftover holes (very difficult)
5. Re-install WP
6. Re-install theme and plugins
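Steps 1 and 4 of the cleanup above are the ones that are hardest to do by eye, so here is an added example (not code from the commenter or from WordPress) of how a defender can script them: it walks a set of wp_options rows, flags values that carry code markers either in the clear or behind a layer of base64, and compares active_plugins against the plugin list recorded before the wipe. The rows, the marker list and the plugin names are constructed for this example; in practice the rows come from a database cursor or a SQL dump.

```python
import base64
import re

# Markers that have no business inside ordinary option values. Constructed
# list for this example; extend it for your own installation.
CODE_MARKERS = ("<?php", "eval(", "base64_decode(", "<script", "preg_replace(")

SERIALIZED_STRING = re.compile(r's:\d+:"([^"]*)"')
BASE64_TOKEN = re.compile(r"^[A-Za-z0-9+/]{20,}={0,2}$")


def php_serialized_strings(value):
    """Pull the string members out of a PHP-serialized array (enough for
    active_plugins, which is a flat list of 'dir/file.php' entries)."""
    return SERIALIZED_STRING.findall(value)


def decoded_base64(value):
    """Return the decoded text if value looks like one base64 blob, else None."""
    token = value.strip()
    if not BASE64_TOKEN.match(token):
        return None
    try:
        return base64.b64decode(token, validate=True).decode("latin-1")
    except (ValueError, UnicodeDecodeError):
        return None


def suspicious_options(rows):
    """Return (option_name, reason) for rows whose value carries a code marker,
    either directly or inside a base64-encoded payload."""
    findings = []
    for name, value in rows:
        hit = next((m for m in CODE_MARKERS if m in value), None)
        if hit:
            findings.append((name, f"contains {hit!r}"))
            continue
        decoded = decoded_base64(value)
        if decoded:
            hit = next((m for m in CODE_MARKERS if m in decoded), None)
            if hit:
                findings.append((name, f"base64-encoded value contains {hit!r}"))
    return findings


def unexpected_plugins(rows, known_plugins):
    """Compare active_plugins against the list recorded before the wipe
    (step 1 of the cleanup); anything not on that list needs an explanation."""
    for name, value in rows:
        if name == "active_plugins":
            return sorted(set(php_serialized_strings(value)) - set(known_plugins))
    return []


# Constructed wp_options rows (option_name, option_value). The "injected"
# value is a non-functional stub that only carries the marker we look for.
INJECTED = base64.b64encode(b"<?php eval(/* injected stub */);").decode()
SAMPLE_ROWS = [
    ("siteurl", "https://blog.example"),
    ("active_plugins",
     'a:2:{i:0;s:19:"akismet/akismet.php";i:1;s:19:"rogueseo/loader.php";}'),
    ("widget_text",
     'a:1:{i:2;a:1:{s:4:"text";s:38:"<script src=\\"//cdn.example/s.js\\"></script>";}}'),
    ("_transient_cache_x", INJECTED),
    ("cron", "a:0:{}"),
]
KNOWN_PLUGINS = ["akismet/akismet.php"]  # the list made in step 1 (constructed)


if __name__ == "__main__":
    for name, reason in suspicious_options(SAMPLE_ROWS):
        print(f"suspicious option {name}: {reason}")
    for plugin in unexpected_plugins(SAMPLE_ROWS, KNOWN_PLUGINS):
        print(f"active plugin not on the pre-wipe list: {plugin}")
```

The marker scan is deliberately crude: it will flag a legitimate widget that embeds a script tag, and it only peels one layer of base64. The point is to turn "walk through wp_options" into a short list of rows worth a human look rather than a table of thousands.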
The WP team needs to work something like what you linked to into the core.
There are a few ideas I'm considering for securing and monitoring WP installations for intrusions.
Probably a few million crap files all together. Was a huge pain in the ass to clear all that crap out. After that point I killed all WordPress installs, since it has such a huge target on its back.
http://blog.sucuri.net/2010/05/it-is-not-over-seo-spam-on-si...
I got a message from my host with a link to your site, where you instructed to download and install a file... and I was 100% sure that it was just a scam, where you sent out spam messages pretending to be hosts, with a link to the blog post where you were asking me to download malware.
In fact I was in the process of contacting customer support of my host, when I noticed the letter I got in recent history.
You should really spend a little time making it look more legitimate,
A few hours ago I didn't know if you were legit. Now I see how considerate you are.
So glad I met you on HN.
Oh god no! Don't let it be true!