A site I manage has been hacked twice this month, both times with base64 code being injected into numerous PHP files.
Since I changed all passwords after the first hack, I'm wondering if there is a different issue, but I'm not sure where to look.
One thing I noticed is that all of the tables in my SQL database are renamed such that "_ndmpug" is in all the names, e.g. wp_ndmpug_posts.
I'm not sure how to figure out what caused this or whether it's even a problem as a Google search comes up empty. Nothing seems amiss in the database content itself.
Does anyone know where this renaming might have come from?