Script being injected into the top of all my wordpress page


Staff member
Just noticed ads appearing on one of our Wordpress sites. Nailed it down to these scripts being injected into the top of every page:

<script language="javascript" type="text/javascript" src=""></script><div style="display:none"><script language="javascript" type="text/javascript" src=""></script>

Been looking at all the files and database for hours and can't figure out what is injecting it or how it got there.

What we found so far:

<li>Some random lines in the function.php that were handling posts /
gets. We removed those but that didn't seem to solve the issue.</li>
<li>We found a wordpress user that no one has apparently created. So we removed that.</li>
<li>Reset all passwords on wordpress and FTP access</li>
<li>When we load a copy of the site on our local setup it doesn't display the ads or load the scripts... Almost like it can detect / target the live site?</li>

But we still can't find where or how the script is being injected.

Any help greatly appreciated.

Someone had a similar issue here but unfortunately removed their post so only the cached remains:
<a href="http://webcache.googleusercontent.c...age+&amp;cd=1&amp;hl=en&amp;ct=clnk&amp;gl=au" rel="nofollow">http://webcache.googleusercontent.c...age+&amp;cd=1&amp;hl=en&amp;ct=clnk&amp;gl=au</a>