• [ Redacted, do not post that in these forums ]

    The anti-malware fixes the file and after 1h it gets back again.

    What is this? How can I remove it?

    • This topic was modified 6 years, 11 months ago by Jan Dembowski.
Viewing 3 replies - 1 through 3 (of 3 total)
  • Moderator Jan Dembowski

    (@jdembowski)

    Forum Moderator and Brute Squad

    Please do not post malware code in these forums again.

    Please remain calm and give this a good read.

    https://codex.www.ads-software.com/FAQ_My_site_was_hacked

    When you have successfully deloused your site then consider giving this a read too.

    https://codex.www.ads-software.com/Hardening_WordPress

    Plugin Author Eli

    (@scheeeli)

    Thanks Jan, for those helpful links.

    Hi @nanocom,
    I'd like to add one more suggestion that might help you find the specific threat that is writing that malicious include line into your files. If there is a backdoor script on your site that is responsible for this infection then you should be able to find a record of it being called in your server’s access_log files (ask your hosting provider where to find those logs if you're not sure). You can get the exact infection times of any files that were cleaned using my Anti-Malware plugin on the quarantine page. Look for activity in those log files at the exact time of the first infection.

    As with any website attack you need to not only remove the malicious code as others have stated above, but you must also find *how* the attacker was able to inject the code/file in the first place.

    Once you have detected the attack request, it will give you some clue as to what part of your website is vulnerable to such an attack.

    If there is no evidence in the log files that discloses how an attacker was able to add, prepend, or append code or files onto your site then you need to look at the webserver itself.

    This is where it gets more difficult because most webhosts will not disclose that they have patched a vulnerable server, or admit that their servers are insecure. One way to tell is to google other websites on your server to see if they are also complaining of being attacked. If so then it may well be a server-wide issue which you cannot fix yourself other than moving to a more secure webservice.
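
The log check described in the reply above, as an added example that is not part of the original thread or of the plugin's code. It assumes the access log uses the Common/Combined Log Format and that the infection time is known with its timezone; `requests_near`, the sample lines, paths and timestamps are constructed for illustration.

```python
import re
from datetime import datetime, timedelta, timezone

# Common/Combined Log Format: ip ident user [time] "METHOD path proto" status ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})\b'
)

def requests_near(lines, infected_at, window_minutes=2):
    """Return requests logged within +/- window_minutes of infected_at.

    Successful POSTs are sorted first so they are reviewed before the
    ordinary page views that share the same time window."""
    window = timedelta(minutes=window_minutes)
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not in the expected log format
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        if abs(ts - infected_at) > window:
            continue
        hits.append({
            "time": ts,
            "ip": m["ip"],
            "method": m["method"],
            "path": m["path"].split("?", 1)[0],  # drop the query string
            "status": int(m["status"]),
            "review_first": m["method"] == "POST" and m["status"].startswith("2"),
        })
    hits.sort(key=lambda h: (not h["review_first"], h["time"]))
    return hits

# Constructed sample lines (documentation IP ranges, made-up paths and times).
SAMPLE_LOG = [
    '198.51.100.7 - - [12/Mar/2018:14:01:58 +0000] "GET /index.php HTTP/1.1" 200 5120',
    '203.0.113.9 - - [12/Mar/2018:14:02:03 +0000] "POST /wp-content/uploads/example.php HTTP/1.1" 200 12',
    '198.51.100.7 - - [12/Mar/2018:15:30:00 +0000] "POST /wp-login.php HTTP/1.1" 302 0',
    'a line that is not in log format',
]

if __name__ == "__main__":
    # Constructed infection time; replace with the time recorded for the file.
    infected_at = datetime(2018, 3, 12, 14, 2, 5, tzinfo=timezone.utc)
    for h in requests_near(SAMPLE_LOG, infected_at):
        print(h["time"].isoformat(), h["ip"], h["method"], h["path"], h["status"])
```

If the recorded infection time is in the site's local timezone rather than the server's, convert it before comparing, or widen `window_minutes`.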

  • The topic ‘i habve this detect malware’ is closed to new replies.