if you’re on a shared server you may need to contact your host and tell them you’ve been hacked. it might not even be you who’s been hacked, it could be another site on the same server that’s got malware on it and it’s spreading across the cluster.
I did contact the host. They actually said “Everything looks fine at our end”. Yes I know, it’s time to find another host, but in my experience they are all as bad as each other.
that’s not entirely true, i’ve been with hostgator for many years now and they’ve been superb. i’ve heard good things about rackspace and several others. it’s true in life that you get what you pay for.
there are hosts that are dedicated (or at least configured to handle) wordpress specifically so maybe have a look at them as an option…
Do you or your host happen to have a back up from a date prior to the hacks? Restoring the files and databases is the quickest and surest way to get rid of all the malware.
Yes the host will have a back up date on file. But I am trying to find an alternative before going down that road which will lose some of my recent work.
Yes, I understand about loosing your newer work. It’s a balancing act between manually repairing the sites with no loss of content. Or a restore requiring the manual replacement of some amount of content.
Have you determined a date when you think the hack likely occurred? Looking at the date stamps on index.php and function.php may prove helpful.