• Resolved richardpeters

    (@richardpeters)


    Hi all, my site was hacked this evening and I’m trying to re-upload all WordPress software. However, as soon as I upload the wp-admin and wp-includes folders, the modified date for all the php files in those folders reverts back to the time they were hacked and not the time I uploaded the files.

    Also, once new files are uploaded, when I go back to my admin login page it takes me there but via a redirect, with the URL having an extension to it that shouldn’t be there. I’ve removed the site again for now but urgently need it back up and running.

    I’m not that good with this stuff, hacks in the past have just required re-installing all files and plugins but this time round there seems to be a bigger problem.

    Any help appreciated asap!

Viewing 15 replies - 1 through 15 (of 23 total)
  • Thread Starter richardpeters

    (@richardpeters)

    I’ve just re-installed the blog but pretty sure it’s not fully cured! Could someone please check it out and see if they can spot the problem?
    Linky to blog

    Thread Starter richardpeters

    (@richardpeters)

    Is this the problem, I noticed this code is sometimes appearing in my source code at the bottom?

    <!--stats_footer_test--><script src="https://stats.wordpress.com/e-201037.js" type="text/javascript"></script>
    <script type="text/javascript">
    st_go({blog:'5341917',v:'ext',post:'0'});
    var load_cmc = function(){linktracker_init(5341917,0,2);};
    if ( typeof addLoadEvent != 'undefined' ) addLoadEvent(load_cmc);
    else load_cmc();
    </script>

    Any suggestions still appreciated as I’m not sure what to do!

    Moderator James Huff

    (@macmanx)

    Remain calm and carefully follow this guide. When you’re done, you may want to implement some (if not all) of the recommended security measures.

    Also, the code that you posted above is the tracking code for the WordPress.com Stats plugin.

    Thread Starter richardpeters

    (@richardpeters)

    Thanks for the reply. I’ve done all that. My site has been hacked 4 times with the most recent being 2 months ago. Usually the guide above works fine and after I re-install fresh wordpress and theme files, but on this occasion, as I mentioned, some of my fresh files upload and revert back to the time of the hack as their modified date.

    If that is normal behaviour then I’m ok, but I’ve not noticed that happen with my last 3 re-installs after hacks which is why I’m still worried.

    Have you popped over to my site to see if anything is still amiss?

    EDIT: Thanks for clearing up the code posted above. One thing less for me to worry about!

    Moderator James Huff

    (@macmanx)

    Usually the guide above works fine but on this occasion, as I mentioned, some of my fresh files upload and revert back to the time of the hack as their modified date.

    You can’t overwrite the files. You need to delete them first, then upload new copies.

    Have you popped over to my site to see if anything is still amiss?

    For obvious reasons, I’d rather not visit a potentially hacked site. Sorry.

    Thread Starter richardpeters

    (@richardpeters)

    I have deleted all the files before installing fresh ones, I never overwrite existing files.

    Thread Starter richardpeters

    (@richardpeters)

    Would it help if I posted my source code?

    EDIT: Also, when I go to my admin login I get this at the end of my admin login URL, redirect_to=http%3A%2F%2Fwww.richardpeters.co.uk%2Fblog%2Fwp-admin%2F which I’ve not noticed before (but I’ve been working on this for hours now and it’s 2am, so might be that I’m just confusing myself and it’s always that way on the login url)

    Moderator James Huff

    (@macmanx)

    Sure, you can post it here:

    https://wordpress.pastebin.com/

    Thread Starter richardpeters

    (@richardpeters)

    Cool thanks, here’s the source code.

    Moderator James Huff

    (@macmanx)

    Off hand, I don’t see anything terribly wrong. Install and run this plugin just to be sure:

    https://www.ads-software.com/extend/plugins/exploit-scanner/

    What is the code below:
    <title>B&H Search Banner Small</title>
    looks like Perl, PHP or some server-side code.

    And besides looking at the client-side pages, look at the PHP files on the server. Look for “eval(base64_decode” in them. That would be a problem.
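
One way to run the check suggested in the reply above, as an added example that is not part of the original thread: it walks a WordPress directory, flags PHP files containing `eval(base64_decode` (ignoring case and spacing), and reports each file's modified time so hits can be compared with the time of the hack. The function names and the sample tree are constructed for illustration; a hit is a lead to inspect by hand, not proof of compromise.

```python
import os
import re
import tempfile
from datetime import datetime, timezone

# The string the reply says to look for, tolerant of case and of whitespace
# between the tokens (e.g. "eval ( base64_decode (").
PATTERN = re.compile(rb"eval\s*\(\s*base64_decode\s*\(", re.IGNORECASE)
PHP_EXTENSIONS = (".php", ".phtml", ".inc")


def scan_tree(root):
    """Return (relative path, line number, mtime ISO string) for every hit."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            if not name.lower().endswith(PHP_EXTENSIONS):
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    data = fh.read()
                mtime = os.stat(path).st_mtime
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
            stamp = datetime.fromtimestamp(mtime, timezone.utc).isoformat()
            for match in PATTERN.finditer(data):
                line_no = data.count(b"\n", 0, match.start()) + 1
                hits.append((os.path.relpath(path, root), line_no, stamp))
    return sorted(hits)


def build_sample_tree(root):
    """Constructed sample install: one clean file, one with the marker."""
    os.makedirs(os.path.join(root, "wp-content", "themes", "demo"))
    with open(os.path.join(root, "index.php"), "w") as fh:
        fh.write("<?php\nrequire 'wp-blog-header.php';\n")
    footer = os.path.join(root, "wp-content", "themes", "demo", "footer.php")
    with open(footer, "w") as fh:
        # Benign placeholder payload; the base64 text decodes to "placeholder".
        fh.write("<?php wp_footer(); ?>\n<?php Eval ( base64_decode('cGxhY2Vob2xkZXI=')); ?>\n")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for rel_path, line_no, stamp in scan_tree(tmp):
            print(f"{rel_path}:{line_no}  modified {stamp}")
```

To scan a real install, call `scan_tree()` with the path to the blog's root directory on the server instead of the temporary sample tree.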

    Moderator James Huff

    (@macmanx)

    What is the code below:
    <title>B&H Search Banner Small</title>

    It looks like a regular affiliate ad for B&H Photo.

    And besides looking at the client-side pages, look at the PHP files on the server. Look for “eval(base64_decode” in them.

    I didn’t see any in the pasted source, but that doesn’t mean such a thing couldn’t be hiding in another template file. If it is, the Exploit Scanner plugin will find it.

    Just as a thought, you don’t keep using the same theme, do you? When your site is hacked, theme files modified and you replace WP, but keep using the hacked theme, I wouldn’t find it strange if the hack kept coming back. Also, are you sure the database is clean? Just replacing WP files doesn’t do the trick.

    And another sidenote. If you keep getting hacked using the latest version of WP, talk to your host. Maybe there’s some crappy website on the shared server, their security stinks, something like that.

    Same thoughts here as Roy said.

    If you’re getting hacked on a regular basis, do change your password every 4 weeks or so. Don’t use anything you can remember, generate something with https://strongpasswordgenerator.com. Make sure both FTP and your WordPress passwords get changed (preferably to something different).

    I had several sites hacked due to an FTP exploit, and the hack kept coming back. Since I’ve changed the FTP passwords, the hackage has stopped.

    I just had a look at your site and it looks OK so maybe all is well now.

    Thread Starter richardpeters

    (@richardpeters)

    Thanks so much for all the replies everyone. I re-upload wordpress and theme files after every hack.

    This was the first hack since moving to wordpress 3.0.1, I upgraded to that after the last hack.

    Thanks for the tip about looking at php codes on the server but I’m not entirely sure how to go about doing that, I’ll google it and see if I can make some sense out of it (server side stuff all seems a bit complicated and easy to break things…!).

    I’ll look into the password thing as well, thank you.

  • The topic ‘Hacked, re-installing won't fix?’ is closed to new replies.