Twice now within one month Google Webmaster Tools has reported malware on my client’s site [noparse]www.beverlyhaberman.com[/noparse]. The first time I completely removed and re-loaded all the files. This time I’d like to get to the root cause of the malware.
What is the source of this infection?
How can I prevent this from happening again?
Is there some way I can get rid of the infection short of removing and re-installing the files again?
Here are the malware details according to Google Webmaster Tools.
As to which one it is, this is a process of elimination. If you’re on shared hosting you’re less likely to get to the bottom of it, as you probably won’t have access to the logs necessary to examine what’s happened in detail.
Something is putting that line of code at the top of your pages - probably the index.php file(s). But more important - that “something” will keep putting the hack code back unless you do a complete clearing out as recommended in the referenced articles.
Instead of trying to locate source of the recurrence, just wipe the site, re-install Wordpress + plugins and harden the site as mentioned.
Don’t just wipe it - save a backup of your database or you’ll lose your posts and comments.
Then virus scan it. And if you can’t get new plugins and the theme your using scan those too.
Scan your own machine, change passwords, install a fresh most recent version of WordPress etc. etc. The codex has a good page “Hardening WordPress” if I remember correctly.
Keep backup data always. Other thing is to remove this injected code from all php files. i guess php files have this script injection. The main thing is secure password. Frequently, change your passwords and have strong one.