I have a WordPress site that just keeps being hacked. The index.php or wp-blog-header.php of the root gets injected with a malicious code that references a temp.php and another random-named .php file that is generated in some random sub-folder of the site. I delete these when they appear, but they appear every day. Oddly, it is unnoticed when the site is visited by a direct link or by typing the URL, but always shows when one access via Google results (where the whole site is replaced by some a drugstore catalog). I'm not sure what could be the problem. I already checked the CHMOD of all the files and updated the Timthumb scripts.