So I replied in an old topic (9 months ) and the moderator closed it. I have to start a new one.
In reply to the moderator, I know my site is hacked and I have checked and done most of the actions you mentioned before. I also have the latest version of WordPress (3.5.1) and my site has just been installed 1 month ago. Some popular security plugins such as WordFence or Antivirus has been installed. Chmod has been checked. Comment and upload functions are removed...
What I wonder is that many people have the same problem, their sites are hacked in the same way (same code, same injected files, same machenism). So, there MUST be a formula to hack WordPress sites like that.
Anyone has a formula to protect WordPress against this hack|attack?