Okay, so I logged into my WP admin tonight and noticed the formatting was all weird—like it wasn't reading the css file at all. I thought maybe something was just going on with WP, they were doing maintenance, or something, so I just gave it some time. Then I checked back after a while and it was still messed up. So I started searching and realized others had this problem, but for various different reasons (NB: this happens in all browsers.)
Then I started looking at a few of the .php files on my server and noticed some crazy code at the beginning. It always begins with:
<?php /**/ eval(base64_decode(" etc. etc.
Here is one full example: http://pastebin.com/C87PD14F
I am not so good with this stuff, but it seems clear that I have been hacked. I guess my question is, what should I do from here? I think I have the latest version of WP installed. Should I re-download it and manually upload the fresh new files onto my server? Dumb question, but this won't get rid of all the content I have added, will it?
All the work I have done has been in the child theme folder. If I were to replace all the other files in my site with the default ones, could I spare these and just delete the offending code manually?
Sorry if my questions are kind of vague, and if they have been answered in various forms already, but I'm sort of at a loss here and just want to get this sorted out.
Oh, and finally—how do I prevent this from happening again?? I will change my password, obviously, but how did this happen??
Many thanks for any help you can offer...