base64, eval, java and mix of them all are attacking WordPress sites regardless of any defense you have! At least it is my case!
I have already deleted the whole site and restored the backups from previous dates (lost some posts, but had to).
I have already changed FTP, CP and Admin passwords
I have clean PC, scanned every day
I have updated all files including WordPress, plugins and themes
I have used many defense system (plugins/online)
I have deleted some suspicious files and code lines
I have tried checking the log files, blocking some IP's and etc
I have asked the host to scan the server, result was "clean"
I am tired now
Codes keep appearing in my site, they are being added to header file of themes. Could not stop them.
This is dangerous for me, and visitors of my site because the codes are installing really bad software. Also, Google marks my site as attack site!! It is very bad.
Could some one write a code to prevent WordPress files being amended? Any kind of check sum protection? Any bug report or any fix?
And, there are many people having same problem being directed to DIY sites and so on, none works and problem stays as it was. This is not good, safety of WordPress is in question here. I personally do not want to migrate to another platform, I enjoy using WordPress, I enjoyed it for many years.