Problem with data injection

I was hoping someone could help me out. As of late, a number of my sites have been injected with hidden iframes linking to sites that seem to download viruses onto the visitors computers. The only things that allow uploads are two wordpress installations, that are kept up-to-date, thus I’m assuming are secure enough to now allow something like this.

Its getting frustrating, because I can’t have visitors being infected then turning from my sites. I’ve changed my passwords multiple times, as well as changing them to >15 character alpha-numeric combinations. I can’t figure out how someone is inserting text into my files. I’d love some help.


:cool: -//-

Ok, most definitely IPs other then my own in there, but… I’m using a 20 character, alphanumeric password… how the heck are they hacking in…