One of my client's websites keeps getting hacked.
From time to time, most of the "core" files of WordPress, like index.php in several different folders, will have code like this at the very top.
[Code moderated. Please do not post hack code blocks in the forums. Please use the pastebin]
I have a script on the site that alerts me if there are more than 1024 characters without a line break, so I do know when they get inserted. I usually manually go to each file that has this code in it and remove it.
How does it get there?
When I check the modified date in my FTP it always states the last date that I edited the file but it was clearly edited after me.
Now with this code above the files keep getting hacked and I had to "clean" them out twice already today.
Any help would be appreciated, thanks.
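
The two signals described in the post above, the alert on more than 1024 characters without a line break and the FTP modified date that does not move, can be combined into one integrity check that compares file hashes instead of timestamps. This is an added example, not part of the original post; the sample tree and file contents are constructed, and it assumes the baseline is taken from a known-clean copy of the site.

```python
import hashlib, os, tempfile
from pathlib import Path

MAX_LINE = 1024  # threshold from the post: characters without a line break

def make_baseline(root):
    """Map each PHP file (path relative to root) to its SHA-256 digest."""
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in Path(root).rglob("*.php")}

def long_lines(path):
    """Return the 1-based numbers of lines longer than MAX_LINE bytes."""
    with open(path, "rb") as fh:
        return [n for n, line in enumerate(fh, 1) if len(line.rstrip(b"\r\n")) > MAX_LINE]

def scan(root, baseline):
    """Return {relative path: [reasons]} for missing, new, changed or long-line files."""
    current = make_baseline(root)
    findings = {rel: ["missing"] for rel in baseline.keys() - current.keys()}
    for rel, digest in current.items():
        reasons = []
        if rel not in baseline:
            reasons.append("new file")
        elif baseline[rel] != digest:
            reasons.append("content changed")  # does not depend on the modified date
        hits = long_lines(Path(root, rel))
        if hits:
            reasons.append(f"long line at {hits}")
        if reasons:
            findings[rel] = reasons
    return findings

def demo():
    """Constructed tree: one file gets a long first line and its old mtime back."""
    with tempfile.TemporaryDirectory() as root:
        for rel in ("index.php", "wp-admin/index.php"):
            p = Path(root, rel)
            p.parent.mkdir(parents=True, exist_ok=True)
            p.write_text("<?php\n// constructed sample file\n")
        baseline = make_baseline(root)
        target = Path(root, "wp-admin/index.php")
        before = target.stat()
        target.write_text("<?php /*" + "A" * 2000 + "*/ ?>\n" + target.read_text())
        os.utime(target, ns=(before.st_atime_ns, before.st_mtime_ns))  # timestamp restored
        return scan(root, baseline), target.stat().st_mtime_ns == before.st_mtime_ns

if __name__ == "__main__":
    print(demo())
```

Store the baseline somewhere the web server account cannot write, so the record of clean hashes cannot be altered along with the files.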