I'm sorry if this has been covered -- I searched but was unable to find help -- I've noticed that some spam-tastic links have been appearing in the header.php of my theme.
The links don't appear when the site is rendered, however they are in the page's source. So the 'hacker' is clearly attempting to stealthily increase their page rankings (the presence of these links also influenced the content of my google ads).
As soon as I found the links I removed the code from the header.php. Made sure that all the plugins that i'm using are up-to-date and, of course, double checked that I was running the latest WP and that all my files had the correct permissions.
However, less than 24 hours later the links were back in the header.php - so double checked everything again, and even changed my passwords for my ftp AND WP admin login.... but, guess what! They appeared there again and I have no idea how the file is being accessed and edited.
I googled a few of the nefarious links was surprised to see how many sites have also been hacked (try for yourself, google: "information phentermine viagra xanax" or "cialis compare levitra viagra" and check out how many of the results are for innocent sites whose source has been modified).
Anyway, I guess I'm asking for help here - is this a known exploit? If so how do I prevent it from happening again?
Any assistance is greatly appreciated.