My site has been hacked 3 times in the last week. Each time I've cleaned out the wordpress, theme, header.php, footer.php, plugins and anything else I could find using Exploit Scanner plugin.
I'm 95% of the way there, but they have left their red devil favicon so I know that there is a back door somewhere. I've tried to follow the documentation as best as I can but I'm not a coder and need my site to be secure as it's for a new ecommerce business.
Can anyone advise where they may have hidden the additional code - Exploit Scanner is coming up clean, I've changed all passwords for the FTP and logins so I'm not sure how they're getting in.
Also I would like to hire someone to clean it out and make sure it's secure from now on. Can someone suggest a professional that I can trust to do this?
Hack was by - Cod3d by Mr.Alsa3ek and Al-Swisre
My website is http://www.enviroheat.net.au - I've not even launched it yet and still working on the layout/content.