Hi
Clean the infected files, or replace with a backup, and then change your passwords including ftp/sftp and also make sure your wordpress install is up to date.

Thanks
Mark

You may also need to check that Google hasn't spotted it and de-indexed your site. You can do that through Google Webmasters Tools, including re-submitting your site once it's cleaned up.

Once you're all cleaned up this article may help with improving your site's resistance to hacking in the future:

http://www.wealthydragon.com/blog/20...-security-ftp/

Cheers,

Martin.

[DELETED]

I would suggest thoroughly checking your personal computer for viruses also.
There are key loggers and other programs with vulnerabilities. If you are downloading anything from torrents or cracked software you may want to beware.

You don't happen to use filezilla for ftp do you?

It leads to a 404 error page (the PHP file was not found at their server) even when I fake referer/useragent to pretend the request comes from a legitimate website and not from a security consulting service.

But I would recommend you to remove the code immediately from your website and upgrade your WordPress installation to the latest version immediately as well.

Not only you're risking potentially getting your visitors or yourself infected with any type of malware, but you're also risking yourself getting into problems because of misuse of your server resources by the hackers.

just clean the infected files and change ftp password .....

hello,you should delete that line infected and write again the script...from 0.I have same problem and i fix it with that solution.