Sucuri Security has posted instructions on how to remove the infected code from your WordPress site. The instructions to remove the infected code is as follows:
- Download http://sucuri.net/malware/helpers/wordpress-fix_php.txt to your desktop and rename it to wordpress-fix.php
- Upload this file via ftp to your sites root folder.
- Execute the php file http://yourwebsite.com/wordpress-fix.php.
NOTE: If you are running any caching applications on your WordPress installation, it will be necessary to flush all cache.
If your site is not getting cleanup after you run it (or you are getting extra empty lines on the top of your files), it means that the script didn’t finish to run properly.
- Try running it again. It it doesn’t help, upload it to some sub directories (like wp-admin, wp-content and wp-includes) and run directly from there. For example:
- http://yoursite.com/wp-content/wordpress-fix.php , etc.