Primary Step: Scan your computer... if all clean start here: Step One: Make a backup of your WP-Config.php file and delete your wordpress folders and files. Step Two: Check your theme folders. Every single folder. If you have uploaded a thumbs.db file - delete it. This is one way to attack. Check your CSS files. Actually open them and look to see that the code you mentioned is not in there. They will run <?php script from within the css file. Check it. Also check your theme files for dates of change. If you notice that the dates are new but you did not alter them, delete them or the entire theme and load it from scratch. DELETE any theme you ARE NOT using. Step Three: Make a note of the plugin files you have. Then, delete all of your plugins. You can put them back when you re-install Wordpress. Any plugin that uses an index.php file of functions.php file may be infected. DELETE any plugins you are not using. Step Four: Create an index.php file and place it in all folders that do not have an index.php of index.html or index.htm file. Here is the code to make one. Open notepad, copy and paste this code, save the file as index.php. This will instantly send anyone lurking in your folders back to the main page of your site: Yes, change YOURDOMAINNAME to your domain name... Place this file in all folders, even image folders, uploads (especially uploads), everywhere... even in the admin subfolders. It sounds extreme but well worth the time. I think there is an htaccess code for this but m not sure. Step Five: lock down your htaccess file - paste this into your htaccess file: Step Six: Openyour WP_Config.php file and change the password. Use !# characters, uppercase and lowercase letters and some numbers. Make it as long as your cpanel allows you to make it. Dont skimp. Step Seven: Back in Cpanel, change the password of the database, maybe even the name. Now repair and optimize the database. Step Eight: Change your FTP login password and cpanel passwords. Make them as long as it will allow and use uppercase letter, numbers, lowercase letter, characters, etc you get the point. Also check and make sure no one has created an additional FTP account. Hope this helps. And yeah I know it sounds like a lot of work, but it beats reloading WP every other day. Also, be sure to check your files every day to see if any changes were made to them (date/time).