Iframe Injection Malware

You don’t seem to be removing all of the hacker’s code from your site – which means that the hacker just walks straight back in again. See https://ottopress.com/2009/hacked-wordpress-backdoors/

The code is still being injected in your site, there is an iframe within this div tag: < div class=”z9dxj7s7wd”>….< /div>

Since you aren’t able to locate the backdoor, have you considered completely wiping your server and installing a new clean wordpress install? In a case like this where you aren’t able to locate the problem, that would be your best solution.

I have had the same problem since I started my small business 2 years ago.

Every few weeks I’m getting messages saying there is malware on my wordpress sites. Today it has javascript malware. It’s got to the point where it is taking too much time to deal with than it’s worth and I might just find a nice html theme instead.

The frustrating thing is that you can search forever and a day for generic links but there is no simple fix for it. Completely wiping my server isn’t a simple thing to do at all.

It’s a shame there isn’t a simple, watered down version of wordpress for people like me that don’t require the blogging features of wordpress but just want a nice simple site they can add pages to and put a nice looking theme on that was more secure.

You’ve been hacked. That’s not WordPress’ problem. It’s yours. You need to start working your way through these resources:
https://codex.www.ads-software.com/FAQ_My_site_was_hacked
https://www.ads-software.com/support/topic/268083#post-1065779
https://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/
https://ottopress.com/2009/hacked-wordpress-backdoors/

Additional Resources:
https://sitecheck.sucuri.net/scanner/
https://www.unmaskparasites.com/
https://blog.sucuri.net/2012/03/wordpress-understanding-its-true-vulnerability.html

Thanks for the list of links. I don’t have the technical knowledge to change MySQL users passwords and I’m really not up for wiping the lot and starting again as I did this a few months back.

Also, the “injected malware” comes and goes without me actually doing anything, so it’s difficult to look through the files etc to try to catch it. For example this morning when I got to work, sucuri.net was showing that my site was infected, now without changing anything it’s saying that it is clean. This has happened a few times.

As I don’t need any blogging features then I’m off wordpress until either they make it more secure or I am able to fix the problems easier when they do arise.

Did you read the page at the last link I posted above?

Yes, it says a user of wordpress should be an expert in it. I am exactly the type of person that they are talking about, a normal everyday user that doesn’t have the time or energy to learn about php or web security.

Probably my fault for assuming that i could install Wrodpress, add a theme, make my site look nice, and expecting it not to be hacked every week.

it says a user of wordpress should be an expert in it.

Ignorance is a curable disease. ?? anyone can become a WP expert with time and practice. In the meantime, these forums are here to help.

expecting it not to be hacked every week.

That’s a very valid assumption to make. The problem is that, once your site has been hacked, it is imperative that you remove every trace of the hacker’s work. Otherwise they’ll just walk straight back in again. I suspect this is what has happened in your case. Either that or you have unfortunately used a very insecure hosting company.

Have you looked at creating a site on wordpress.com instead. Less flexibility but also far less hassle compared to running your own site. Have a look at https://en.support.wordpress.com/com-vs-org/

Oh hey, just saw this, sorry for the delay.

You need to query your database. If you have wiped and gone through your files in detail then you need to try querying your database, willing to bet its in there. It’s likely embedded there and reinfecting your files. The other thing to check are the neighboring sites or files above the web directory.

While there is no silver bullet you might be reaching a point where you should seek help.

Cheers.