I wonder how the site got attacked in the first place? Wait, it didn't got attacked, a malware code was found in the wordpress login. Could it be that someone hacked it and put their malware code, or it's just a case of an infected machine? I would guess the answer is the infected machines accessing wordpress, maybe a member logged in to comment while not realizing the computer was infected by a type of malware, and the person didn't clear his cookies and somehow the malicious software injected a harmful code with the user session not logged out.
Okay, I've put a "dead man's switch" in place, where if code gets inserted (I am fairly sure at this point it's being done by bots) it will kill the front page, and no output will be sent at all. This should prevent the chance that infected code is ran and will provide a fail-safe until attention can be paid.
I tried to come on here yesterday and Firefox stopped me saying there was a problem. Good thing I listened to that warning. O_O I'll still scan my computer though just to be safe. Thanks for the heads-up.
By any chance this malware could steal saved passwords in Firefox? If so, then I got a lot of pass changing to do. However, it's worth noting that my computer did NOT pick up anything when I ran that one virus scanner Retro linked to.