This is mostly a reminder to myself:
There exists mechanisms for nefarious folks to inject obfuscated scripts into wordpress pages.
If this happens:
Search for injected scripts:
grep -lR “eval(base64_decode” *
(Look for the obfuscated code)
These script often don’t put new lines in the corrupted page so you’ll often have to be a bit careful about how to remove the script. Simply removing the nth line (where n is the evil code) can get you into trouble.
Fortunately, these are encapsulated php blocks, so we can be confident that removing a complete block should remove the bad code.
find . -name “*.php” | xargs grep -l “eval(base64_decode” | xargs sed -i.corrupted ‘1,1 s/<?php.*>//g’
(Find all the php files -> look to see if it has an obfuscated script -> make a backup and then replace any php complete blocks with nothing – but  only on the first line)
find . -type f -name “*.corrupted” -exec rm -f {} \;
(Remove the backup files)