A plugin that
- Greps every file in your public web directory, recursively, looking for “base64” and tells you about them. The default WP install has none of these.
- Warns you on modification date of any file in the install, plus in any themes.
- Checks header and footer for unusual size changes.
- Warns you on any files added to install directories that are not something in the vanilla install — e.g., any new php files in wp-admin that aren’t part of the install.
- Warns you on any .htaccess redirects.
- Pulls out the list of administrators by querying in wp_usermeta for wp_metavalue containing %administrator% — not whatever the dashboard uses, which appears to correlate to other tables and therefore misses hacked accounts.
- Generates a table of everything in wp_options that is not a part of the vanilla WP install, so you can check it. Sure, a whole bunch of plugins will show up, but maybe you can check that manually.
Doing all this by hand is getting old. The saga continues at the other post, which continues to get updates.