I should start by saying this is not my area. If there's anyone else reading this who knows more, please jump in with some sage advice.
That said, Google did turn up some promising links
Wordpress Spam Injection = Google Penalty for My Blog (But Not Website)
Wordpress Spam Injection: ‘Goro’ hacked my blog
Expunging the wordpress.net.in spam injection hijack
The Aftermath of a Wordpress Spam Injection (and a Tool to Prevent it)
Wordpress exploit: we been hit by hidden spam link injection
How to remove wordpress.net.in spams Remote Injection
General stuff I'd do in your position:
- Strip out the bad code from all of your template files. Almost anything 'encrypted' with base64 is that way because someone has something to hide, not for your benefit.
- Check other files (plugins, WordPress source) to see if any of them have similar problems. If any of them do, I'd be tempted to delete them and upload WordPress and the plugins again. In particular, check
these files. (Keep the database so you'll be back where you were once you've uploaded everything again. And actually I think I'd rename the WordPress folder instead of deleting it, just in case things went horribly wrong.
)
- As kelevracro says, change your passwords (FTP, WordPress, database).
- If you have any themes or plugins that weren't downloaded from wordpress.com then make sure you can trust them. I suspect this is the most likely route in for the exploit.
- It's
possible that the problem will be in your database, in which case you'll have to sanitise that as well.
Once you've stripped the issues out, see if they reappear. I'd also browse the site as Googlebot (see links above) or check the Google cache to make sure there aren't any other links hidden from you.
Hope that's of some help.