I have built 30 wordpress installations to date and only one has repeatedly come unter attack by a variety of Trojan Malware bugs.
I have a back-up sitting on my desktop at all times but the client (owner of a posh villa in the seychelles) is getting righteously ansty.
The last time it happened I took a raft of steps to ensure it wouldn't happen again - I won't go into them all, but they included changing user names, pass words and lots more but it happened again yesterday.
Is it possible that in an initial attack some code was left in there - either in the DB or elsewhere that is opening a back door to the site?
The site is completely static and as such I could change the permissions of the ftp folder to non writable, would this work or would it screw-up my wordpress site? I do recognise that to install new plugins and to update the WordPress I would need to change them all back again but this seems like my only solution.
I am thinking of buying into the Sucuri malware deletion package for my 10 prime sites, has anyone had success with this as a solution?