WP security

I can almost guarantee you're using the same plugin, theme or host that's the vulnerability for all your Wordpress installations which is why you get hacked.

WP hackers first look for plugins/themes that have security holes, there's list on the net showing the security issues. Some target the MySQL database but that's more work than targeting weak WP themes/plugins.

Fix the problem instead of looking for band-aids (magic plugins).

Damn, this forum is filled with people who post just for the sake of posting.. looking at you yukon.

Here's a few step process that works for the most common base64 hacks:
1. install wp fence, it's a free plugin. (edit: seen that you're already using it, still proceed to the step 2)
2. in the scan settings (under wpfence > scan) select "scan outside wordpress installation", "plugin dir, theme dir etc - make sure to scan your whole server.

It'll take some time (depends on size of the server), but after the scan you'll end up with a list of infected files. In most cases they all follow the same malicious pattern so you can download infected directory(or the whole server), open the dir in a text editor > search and replace with blank for all files. Upload the files, re-do the scan see if anything else is infected, find the malicious code, download files, search>replace with blank. and so on, until you're left with 0 infected files.

Note 1:Before that make sure to have a backup copy of the dir, just in case you screw something up.

Note 2: It's a simple but boring process, and it can take you anywhere from few hours to a whole day.

After it's all clean, make sure to at all times have up to date wordpress core and plugins.

Themes, if you got it from place like themeforest or directly from wordpress (i've developed themes for both marketplaces and know the rules in and out), can't be the reason you got infected.

To secure your WordPress site you can use security plugin like Wordfence or All in One Wp security plugin. Along with that you can use CDN services like Cloudflare, MaxCdn, etc. These steps will ensure that your WordPress site is secure.

Thanks for the input so far guys, I appreciate it. I will try Cloudflare, seems to be easy to do from cPanel.
As I said, I am using wordfence already although it is a pain in the ass because it sometimes blocks me from doing things and screwed up one site completely.
will look at all in1 wp sec too, thxs

Another thing to look at is your hosting account itself.

Are you changing passwords regularly? And using strong passwords?

It's quite possible that the hacks are being done at the server level, rather than through WP itself.

The same applies to your WP log in page. Use strong passwords and change them regularly.

When you set up WP, use strong password-type strings as the database username and password.

Bottom line, make your installation as hard to crack as possible.

You might also ask your host if someone else on the shared server is accessing your account. I was with a host once that had a glitch in their setup that allowed users to view the file structure at the server level. With that access, it was a simple matter to substitute corrupted files for clean ones. A cursory examination would not show the intrusion.

(I'm not going to name the host, as they've been out of business for over a decade.)

I think other comments covered most of the suggestions I normally would give... Only one thing is still left for me

Lets, go to the point. You are using a shared hosting. It means you are sharing a hard disk with some other people. You do not know them, even you do not have any idea which type of sites they are running on their website.

So it brings few things in front of us.....

1. If any of the site on the same storage media is infected it can spread. May be you removed the malware from your part, did others did the same? Or were that done simultanously?
2. Like if you are infected you might infect others as well and vice versa
3. Also you will get less speed as if someone else is getting more visitors he will use more resource ( though there are some script running by the hosting to prevent it but you know those actually do not work well and something they just limit your site with certain criteria ), why, it happens? Well, it is a shared hosting right? You sharing everything.

For SEO prospective as well as security I would suggest you to go with a cloud hosting. If that is not possible, then at least go for a hosting that is more famous ( the list of fame is not that long, search this forum and you will get the list). I hope it will solve your problem. Few years back I changed my hosting 3 times a year. Well, not good experience but it just saved my ass and I am happy what I have got now.

The last thing, I pay my hosting each month. And I always have back up ready to restore the site if needed with just few clicks. So be prepared. It is internet and anything can happen. Why I pay each month? Well, I am ready to move to a new hosting if needed. But I think I will not have to move in near future Quite happy with my kids ( my websites ) and their mother ( the hosting ).

Oh, one thing, A wise man once said to me................ for hosting, you will get what you pay for. You know what I mean, the cheaper hosting you get the cheaper the service you will get.

Hope My Experience will save you a lot of time in future
Sabbir H

Thank you Sabbir,
I thought it might have been a hack on the server level as all three WP sites were infected.
On the other hand I also have n oxwall and 2 concrete5 installations on the same server in the same account and these have never been affected.

If someone who is bad enough wants to hack your wp site, they will, if they try hard enough. That's the truth. The best you can do is protect yourself enough but always have a backup, for when it happens.