My wordpress index.php has just been compromised. There was this iframe code. Can someone show me how this could happen? How do people do Cross-site scripting (XSS)? If I know how the attacker do, I should be able to prevent it, right?
Additionally, check your ftp-logs because it is possible that your FTP account might have been compromised and was able to upload the malware/trojan content in the web space.
Modify your FTP Passwords.
Check your desktop computer with some antivirus software for malware/trojan's
Update your desktop OS and browser if needed.