After 2 years I was experiencing the websites down issue in my account. The hosting provider had database server issues a last week, which they worked and restored but it kept going down often. The day I thought its stablized, all my websites hacked with code injected in the header area of all php files (of wordpress sites). I restored the backup, but today again all went down with the same hacking code in all header of php files.
I had latest version of wordfence installed. What could've gone wrong? How to protect from such attacks in future? and, is there any way to remove the injected code automatically?
Thank you for your help!