The only bright side in someone coming to you with a hacked website is that you get to get to look for the bad code and learn from it. Yesterday, I acquired one that is very slippery and will require a reinstall and setup of WordPress. But, the old files are a good learning tool.
Does anyone know whether there is EVER a legitimate reason for there to be code in index.php in the plugins folder beyond // Silence is golden?
I found a considerable amount of code in this file with eval(), fopen(), etc. All very suspicious. I find that even legitimate plugins use eval(), which can be exploited.