I have had quite a few WordPress users having trouble with plugin upgrades or re-installing plugin that were not completely removed. The problem is that sometime WordPress will not remove the main folder for a plugin that is being upgraded or removed but it will remove all the contents of the folder. So then WordPress does not see that the plugin is installed but it cannot create the directory structure to reinstall it either.
The only thing you can do then is to login to your server via FTP (or a file manager in your hosting control panel) and delete the directory so that it can be re-installed. But for some people that just isn't so easy to get to. So I created this little helper plugin to force the deletion of any plugin's main directory and all of it's contents before upgrading or installing another version of that plugin. It's still under development and I would not recommend installing all your plugins with this one activated, but if you are have trouble upgrading a plugin because the destination directory already exists then this will probably help.
I just released my new Anti-Malware plugin for WordPress. It is still in BETA but I think it will be very helpful in removing malicious scripts and patching security vulnerabilities.
Please feel free to leave feedback and donations are always appreciated.
I made my PHP scripts into a WordPress plugin and installed it on a couple of different servers to test it. Over the next few weeks I will be testing, refining, and improving the plugin to get it ready for release to the WordPress community. Anyone interested in testing it on their WordPress site should contact me and I will set you up with a pre-release version.
I was able to find and trace one of the hacks back to thumb.php file. This turned out to be an old version (1.08, 1.14, etc.) of the popular TimThumb script. It turned out there were a lot of old TimThumb script on the server. Many were found in plugins and others were in themes.
I wrote a script to identify old TimThumb files and upgrade them automatically. Now it looks like we finally have a secure server again.