
WordPress Hack

Posted on: 2018-11-22

The site has been broken for a few days, because it was hacked. After some hunting around, it looks like there was a vulnerability in the GDPR compliance plugin.

https://www.wordfence.com/blog/2018/11/trends-following-vulnerability-in-wp-gdpr-compliance-plugin/

The hack enabled the hackers to change the site address to point to

https colon slash slash mytemplatewebsite.com slash 0.js?

I've replaced slashes and colons to make the above not a valid URL, so nothing follows it.

Which then went to show a load of malware and rubbish. If you tried to log in to the site to fix this, it would redirect to a login page on this site. If you typed in your password, then the password would be picked up by the hackers.