Dr. Ron – Thanks for this link. It’s a good post. This sounds like it’s going to be done this weekend – not during the week.
A couple of comments and questions if you have any answers.
To make sure I understand… this article suggests the hacking is coming from within the Wordpress source files (php, etc.) that I’d need to clean them all out and reinstall. (I have shell access to delete and will use my ISP to reinstall a fresh instance.)
So I can restore the database because at this point, even though the the database may have crap left (although I have searched it) there’s no executable code in the database?
FYI – My hack is visible, as opposed to this writeup and many others where the hack is manifested invisibly (to hurt the SEO ratings).
Are there any other gotchas that I need to worry about, especially with respect to plugins, or if I reinstall the same plugins I should have the same settings?