Programmers who create malicious content inject the code using the "base64_decode" and "eval" PHP functions. These two functions decrypt malicious statements in your WordPress XML or PHP files. You must search for these two functions in your WordPress templates and themes files to locate any malicious code. Malicious code can insert link, hide content and even compromise the security of your blog.
Right-click the XML file you want to review and select "Open With." Click your preferred XML editor to load the code in the editor.
Press the "Ctrl" and "F" keys to open the "Find" dialog window. Type "base64_decode" in the text box and click "Find." If this function is found anywhere in the code, the editor scrolls directly to its location. Remove this code from the file to secure the blog.
Type "eval" in the dialog window after you find and remove any malicious code from the "base64_decode" function. Delete the eval function from the code.
Save the changes to the XML file and upload the file to your Web host server. You must check each of your XML and PHP files for these functions if you suspect that your blog is hacked.