Unless you can be 100% sure of where the malware came from and what it changed, because you have an intrusion detection system (OSSEC), simply removing the damage you see (like code in header.php) doesn't actually solve the problem, because whatever put it there in the first place could still exist.
Take a look at this in terms of securing your WordPress in the future:
For now, I don't think you can get around completely reinstalling WordPress. You can export your data and then reimport it, but before you move the uploads folder back, make sure there are no script files in there e.g. something.php or something.js.
It is possible that something unwanted could be stored in the database, but in all my WordPress infections I've seen, the database was always clean, so there's hope.
My name is Josh Yudell and glad to be a part of cnet. I need help from the experts and senior members regarding malware at wordpress websites.
My wordpress sites seem to be constantly getting attacked and some malware scripts keep being embedded in my header file(header.php).
I am even running a few plugins that are supposed to stop it from happening and thats not working. I deleted the script from the header file but the malware warning still shows up when I scan it:
Suspicious conditional redirect.
Redirects users to: [ malware site redacted, you really don't need to share that link here ]
Any help or suggestions that any one of you can provide would be GREATLY appreciated.
Waiting for your responses.