Eugh.  I hate iframe injections.

Quite some time ago, I gave up on maintaining my various sites – notably this one and Web Cash. I simply didn’t have the time to add new content, and I’d had trouble with the theme files getting infected with iframe injections.

Last month, I decided to clean up the files and, if nothing else, keep the sites alive as they were. They bring in a small bit of revenue from ad sales, and I don’t see any reason to pass up money that could be coming in if the sites were functioning properly. So, I cleaned up all the template files, changed all the passwords associated with my hosting account and FTP accounts, and thought all would be well.

But it isn’t!

For whatever reason, I can’t seem to shake this damn problem. And every time I notice it’s back, it raises my level of anger another notch.

The infections routinely affect three files in my template: index.php, header.php, and footer.php. Each file has a new line that creates an iframe, which inevitably loads some invisible links or malware. This iframe can also get your site blacklisted from Google (after cleaning up the files, my site was re-listed on Google and I’m getting some more search traffic).

I really can’t figure out how or why the files keep getting re-infected. I’ve repeatedly changed all the passwords associated with my web host and with WordPress. I’ve updated WordPress to the latest version. I’ve checked the file permissions, and they seem correct. Arg…!

Tonight, I found one potential problem that might have been the culprit. I installed the Antivirus plugin for WordPress, and it found a random script tag in my header file. I’m not entirely sure that a script tag could lead to these files being edited permanently, so I don’t know that it’s the culprit. But let’s hope… because I’m tired of checking on things and finding that the files have been tampered with yet again.