Being HACKED

One of my client’s websites keeps getting hacked.

From time to time, most of the “core” files of WordPress like index.php in several different folders will have a code like this at the very top of it.

[Code moderated. Please do not post hack code blocks in the forums. Please use the pastebin]

I have a script on the site that alerts me if there more than 1024 charchters without a line break so I do know when they get inserted. I usually manually go to each file that has this code on it and remove it.

How does it get there?

When I check the modified date in my FTP it always states the last date that I edited the file but it was clearly edited after me.

Now with this code above the files keep getting hacked and I had to “clean” them out twice already today.

Any help would be appreciated, thanks.