Hello,
The same thing was happened on my php site but it’s not using word press. The same script was ejecting if the user remove the valuse starting on “base64_decode” on index.php. All the files are injected this values. I’m using Godaddy Hosting and I didn’t get a satisfactory response from them yet.
This patch will cure my problem.
SSH to server and execute this command. Switch to “html folder” and then execute.
$find . -type f -name “*.php” -exec sed -i ‘/base64_decode/d’ {} \;
https://serveridol.com
