Today I visited my site and was presented with a Google/Firefox page warning me that my site was dangerously infected with malware.
I read the report and logged into my admin panel and went to the theme editor. Lo and behold, my footer.php file contained a nasty iframe with a malicious link in it. I promptly deleted the nasty code and changed my wordpress password.
Still not satisfied my site was safe I went to my site's cPanel to check the datebase. My cPanel password failed to work as did my ftp access using filezilla. (My password was bookmarked in filezilla so it wasn't a case of forgetting). I also did a deep scan for my PC for malware to find nothing.
Anyway, so I called my host and got them to reset my cPanel/ftp password which they did. Did a quick check of the db - all clean.
Then I checked the theme folder for anything strange and noticed that all my theme files had been duplicated and had a ".iframe" file extension.
So I deleted all of these duplicated files.
Why were these files here and what does the ".iframe" extension mean?
I'm a little worried about the security of my site/of my host.
I also found this page: http://safebrowsing.clients.google.com/safebrowsing/diagnostic?site=AS:33970&client=googlechrome&hl=en-GB which seems to indicate my host's network has had 825 sites out of 6661 being reported as having malware in the last 90 days.
Should I be worried.
Sorry for the long post, thanks if you read it all!