There seems to be a common hack going around, not just in WordPress, but in other common php-based scripts such as joomla, etc. In this hack, a line of encrypted code is placed into many different files.

If you have SSH access, you can run a command based on the following to find and replace all that hacker-related code.

for file in $(grep "searchstring" -lir *); do sed -i 's/searchstring/replacestring/g' $file; done;

(Try also):

find . \( -name "*.php" \) -exec grep -Hn "[\t]*eval(base64_decode(.*));" {} \; -exec sed -i 's/[\t]*eval(base64_decode(.*));//g' {} \;

Note: Make sure to backup your content first, in case you break something!

There are many different security measures which should be taken to keep the site secure now. BlueHost has some documentation which goes over many basic security tips:

http://helpdesk.bluehost.com/index.php/kb/article/000511

Also read the following which has several good links and information in regards to this:

http://wordpress.org/support/topic/322422?replies=14

Good luck and happy blogging!

Be Sociable, Share!