Hello there guys.
For the last week my wife's blog has been affected by some kind of malware code, some script that writes the current active theme header.php and 404.php files and inserts some malicious code there that redirects the page to some random malware fake antivirus trojan download page
I've been working with the tech support guys from my domain server, and they've told me that there was some malicious code in two files, topper.php and wp-pass.php, but on the uploads folder, not the usual wp-includes or wp-content pages.
Anyway, that set me on track to detect that somehow, those two files of the current active theme, 404.php and header.php are rewritten at some point and the blog then starts to redirect again. I've found a link to change the .htaccess file to keep the blog for redirecting to this places, but the blog looks empty then.
Well, i wanted to ask if anyone has gone through this trouble before and ask if there is any solution to this?
Thanks a lot