I ran across this problem recently – whatever got in left behind a telltale footprint:
<?php eval(gzinflate(base64_decode( at the beginning of the first line. Once I removed the entire line, googlebot user agents were then able to correctly parse the page. In some instances, I had over 100 files affected.
If you have shell access to your WordPress host, the following commands may be helpful:
To find all the affected files:
find /path/to/wordpress -name \*.php -print0 | xargs -0 grep -l 'php eval(gzinflate(base64_decode('
To clean all the files:
find /path/to/wordpress -name \*.php -print0 | xargs -0 sed -i -e '/php eval(gzinflate(base64_decode/d'
Standard disclaimers of “no warranty” apply. Always make backups.
