I'm getting pharmaceutical spam inserted into the body of my posts. Usually with a stylesheet (from mcasro.org) hiding the text from visitors, occasionally not.
I've been reading up on possible causes and eliminating one after another:
- there are no extra users in the database
- there are no unwanted active plugins disguised as image files
- there is no code in my active theme with
- nor yet in the main script files, except in wp-app.php where it's meant to be.
- nor anything in theme or script files with 'beliy' or 'keymachine' or 'seogoogle' or any of the other things you're advised to search for
- recently changed my admin password to something very obscure
- all files have good permissions
- I've overwritten files faithfully when upgrading - apart from wp-config, see below
There was a brief interval when theme files were left at 777, hence all my searching in there for anything alien. Can't find anything. And until yesterday I hadn't upgraded wp-config.php for years. Done that now... but since it could be a month before the next attack, I've no way of telling whether this will have made any difference.
I need help.