This issue has been continuing to present itself. The site in question is using the SAICO theme. Because the cache files are always the ones infected, I realized that the threat must be accessing the site externally (not through a backdoor logon, etc.). I found that this theme has a vulnerability which was announced last October. It allows for an arbitrary file upload. We'll get to work picking out a new theme. Hopefully, WordFence will be able to help catch vulnerabilities such as these in the future (although it is already an amazing plugin!).
↧