Word press site hacked with the eval(base64_decode) and need help cleaning up!
We have cleaned the files that were on the server and not more that 30 minutes later it was re hacked we changed ftp passwords and re uploaded the site and the site was still re hacked. We upgraded word press and the site was hacked again, we've re uploaded it again, changed passwords and the secret keys for word press so anyone that was logged in would get kicked out and it was still re hacked. We have searched through the data base and have not found anything to do with the hack there either.
We deleted all files and re uploaded the entire site and it still gets re hacked
The hack is called the eval(base64_decode and rewrites the index and the ht access files over and over.
We need someone who can fix this site.