I first thought it was an SQL Database Injection break-in. I was pleasantly surprised to find only one file had been changed in each folder. It could have been so much worse. I thought I was going to have an extremely long night.
I am still picking up the pieces, but here are a few basic tips to pass on from my experience:
1. Use secure passwords. The name of your favorite cat is no longer an option. if it is in the dictionary, it was not a safe password 15 years ago, let alone today. Numbers, letters, and non alpha-numeric characters. Passwords changed frequently.
2.Make sure your plugins and addons are up to date. If you don’t, it’s like a padlock on a screen door.
3. Keep your backups up-to-date. Jesus saves, so should you.