Eugk,
As far as the actual lines of code that caused it, no I did not. But I disabled in dashboard editing of php scripts (and other hardening measures for wordpress) and I switched webhosting providers.
I was able to see in my logs over the next few days after switching providers that someone was hammering on the username that my ex-webhost had left on our wordpress for them to login and do maintenance. So I think that they must have had a weak password and that let someone malicious manipulate some of the PHP on my theme.
Its been resolved now with the new theme, so I’m just happy to be back to engineering microphones and not dealing with a malware plagued website anymore!
Catacaustic, thank you for your help. I was able to isolate by loading the site my own server that someone must have compromised my theme. I was able to download a new version of it upload it, get rid of the malicious code, then harden my site.
I appreciate your help!
