No clue. I’ll repost my comment from the website above:
Heads up: check all your index.php files from your WordPress install.
I found the malicious code in the root install folder index.php, as well as the wp-content/themes/index.php, as well as in all the index.php files of all the themes, as well as wp-content/plugins/index.php.
Also found suspicious code in a so-called “cache” folder that materialised without me knowing…
This happened running the latest 4.3.1 WordPress version, and it keeps coming back, even after we did an FTP password change.
I will change the htaccess file and see where that gets me. EDIT: htaccess file was ok.
This was happening (still is) on bogdanvanbroeck.com.
Hey, bump up. I have the same problem here.
The above code (or similar) is appearing randomly in the root index.php as well as in any other index.php file.
I delete it and then it keeps on popping back after a few days or so. Should I take it that the website is “hacked”?
Running on the latest upgraded 4.3.1.