One of our sites was hacked and had malware infection on the template files.
I have removed this php code and removed the compromised phpmyadmin plugin which was acting as a backdoor.
Looking at the webstats wp-admin/admin-ajax.php is the most popular entry and exit page. And most hits are direct request by a long way.
We have 8x as much traffic since being hacked.
The hosts have said I've gone over my monthly bandwidth of 20GB (the site gets about 80-100 unique visitors and isn't very heavy), so can you make any suggestions as to what I should do next? Thanks in advance!