carkod

that’s an injected javascript code. Try this
https://blog.sucuri.net/2015/11/jquery-min-php-malware-affects-thousands-of-websites.html

The WordFence and Sucuri plugins may be able to help you. First do malware scans, then harden everything you can (Sucuri).
Change passwords. Check if your passwords have been compromised (there is a login section in Sucuri, check if the IPs are yours, if a session IP is not familar and you can see they have successfully logged in, it means your password has been compromised)

Also check your server side passwords. Check any files that are unknown to you by comparing with WordPress repository version. And if possible remove any code and file that you are sure they were not there before. Careful with this, proceed with caution as you may break the entire website.

If nothing works, what I did once is to replace all sites, themes, plugins… with new files or older versions.

The problem with the WordPress FAQ “My site was hacked” is that it is not specific enough. It is a good guide, but for non-experts it’s quite difficult to know where to start. But of course, it is like what your physician will say, but every patient has different symptoms and reacts to different treatments, so my suggestion is to search on Internet for different solutions.

Hope it helps. This came from my own experience and it worked quite good. Good luck!!