Phishing Attack

My site suffered a hack in which phishing files are being placed on it. I removed the files, upgraded the wp installation and plug-ins, changed passwords etc. but the files keep coming back.

I’m trying to pinpoint where I’ve left some bit of malicious code in. And there’s one bit that bothers me. 114 of my theme files were modified around the time of the attack but also around the time of the wp upgrade. The modifications look innocuous, the ones that I’ve looked at, but I’m suspicious still. But before I look through all 114 files, does a wp upgrade alter theme files?