It would seem my site was hacked some months ago, and I ended up with a hidden link injection. It's not a link to malware, but simply to a vacation rentals database site in Germany. (How random is that . . .)
I've changed all passwords, tweaked permissions, and created a new user for the database (deleting the old one). So, nobody should be able to get BACK in easily.
I've installed WP file monitor, which isn't showing anything changing.
However, how do I go about finding the code that's injecting the link? I can't say I'm too eager to reinstall everything, if that can be avoided.