Checking out a new site that we're helping to clean up and noticed the lovely bit of code below buried in there.  Two possible causes:

1: WordPress was outdated.  Seriously, always keep it updated.  It was only a few updates behind, but that's often enough to let the bad guys in.

2: It's hosted on GoDaddy.  I've seen a number of sites get hacked that were otherwise secure, simply because there was some hole in GoDaddy's security.

Not sure which of those led to this, but we'll be patching up both of those issues once we get things cleaned out...
Photo
Shared publiclyView activity