More than 2,000 WordPress websites are infected with a keylogger Malicious script logs passwords and just about anything else admins or visitors type.