I have a question, hope someone can help.
I run a few websites for clients, at different hosters. Some of these websites are kept uptodate. And a few are not. I also have a reseller account with one hoster. Some of the sites at this hoster get hacked few times a week. But the ones at external parties never get hacked. The ones on the reseller hosting all get updated on a regular basis. As well as the plugins.
Most of the functionality of these sites are done in the functions.php of the templates we build for our clients. We try to keep the amount of plugins at a minimum and all we use is eshop, yoast, better wp security.
Like i said the websites are hacked frequently, and at those domains I have used better wp security to change the admin user id, secure the core, change database prefixes. I have also checked permissions, on files it is 644 and on folders 755. I use ssh to check this. Also have limited follow through with a robot text, used strong passwords, and limited the htacces.
I have also asked the hoster to check the log files of the server. No one but my IP and my colleague have access or gain access on the ftp, also change ftp passwords regularly, and use strong passwords.
The hacking generally is none destructive, but it is in almost all the folders that junk gets injected into header or index files, and on some occasions before better security use also admin used with ID 1 was corrupted, but this has stopped.
Also the nature of the content that is injected is weird, the person doing this boasts about it on a website that keeps track of hacked wordpress websites, but the website is in an Arabic or middle eastern language with links to email, but doesn't seem to be fundamentalistic in origin.
I tried contacting the email address, but no response as i though. None of my clients are of any harmful or nefarious nature, we make a point about that.
So it is very annoying, and harms our clients.
I personally love working with wordpress, and would like to continue doing so.
What can i do? Is there a solution other then the ones i already tried? Is it an issue with my hoster?
Hope someone can help!?