Does anyone have any thoughts or pointers to where this topic might fit better?
Moved to Fixing WordPress, this is not an Everything else WordPress topic.
Don’t post malware code on these forums again or links like that here. These aren’t forensic forums, these aren’t “what is that code doing?” forums. Just WordPress support and that’s out of the scope for here.
Your site has been compromised and you need to delouse it.
Please remain calm and give this a good read.
https://codex.www.ads-software.com/FAQ_My_site_was_hacked
When you have successfully deloused your site then consider giving this a read too.
]]>I would suggest first grepping the site with a search to see how many directories are infected. I don’t trust these plugins because they throw false positives. Nothing beats running a Grep and finding all the infections, backdoors need to be looked at.
Do not change any passcodes until you have cleaned your infection.
]]>