WordPress Hack Fix Steps
I had fun fixing a small pile of WordPress sites that had been hacked today. I could not find any useful how-to guides on how to fix this, so I thought to post it here for the poor soul who also needs to fix this hack.
The site would show the following near the bottom of each page:
Not Found
The requested URL /spam/getlinks.php was not found on this server.
You can simply edit /wp-includes/general-template.php and comment out or remove the line in the function called get_footer that references the main.is file.
You should also remove or rename the file called main.is in the js folder (/js/main.is).
You can find common hacks by using the command grep -r base64_decode in the main folder of your WordPress directory. It will list lines of PHP that decode encoded data, which could be used for injection at runtime. Be careful not to delete or remove good code that legitimately uses decoding.
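To make the review of those grep hits less error-prone, here is an added example (not part of the original post) that sorts them into files where the decoded data is passed straight to eval/assert and files that merely call base64_decode, and also lists files mentioning the two strings seen in this hack. The function names, the sample tree and the eval/assert pattern are assumptions for illustration; the pattern is a single-line heuristic, so every hit still needs to be read before anything is changed.

```shell
#!/bin/sh
# Added example: read-only triage; it reports files and never edits or deletes.

# One line per PHP file calling base64_decode. HIGH = the decoded data goes
# straight into eval()/assert(); REVIEW = other use, which may be legitimate.
triage_base64() {
    grep -rlI --include='*.php' 'base64_decode' "$1" 2>/dev/null | sort |
    while IFS= read -r f; do
        if grep -Eq '(eval|assert)[[:space:]]*\([^;]*base64_decode' "$f"; then
            echo "HIGH   $f"
        else
            echo "REVIEW $f"
        fi
    done
}

# Files that mention the two strings named in this post.
find_footer_hack() {
    grep -rlIE 'getlinks\.php|main\.is' "$1" 2>/dev/null | sort
}

# Constructed sample tree (not from a real site); prints its path.
make_sample_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/wp-includes" "$d/wp-content/uploads" "$d/wp-content/plugins/mailer"
    # Constructed footer line referencing the file named in the post.
    printf '%s\n' '<?php' 'function get_footer() {' \
        '  echo "<script src=/js/main.is></script>";' '}' \
        > "$d/wp-includes/general-template.php"
    # Constructed, harmless payload: the string decodes to "echo 1;".
    printf '%s\n' '<?php' 'eval(base64_decode("ZWNobyAxOw=="));' \
        > "$d/wp-content/uploads/cache.php"
    # Constructed legitimate use: decoding a mail attachment.
    printf '%s\n' '<?php' '$body = base64_decode($attachment);' \
        > "$d/wp-content/plugins/mailer/mailer.php"
    echo "$d"
}

# Usage: sh triage.sh /path/to/wordpress
if [ "$#" -gt 0 ]; then
    triage_base64 "$1"
    find_footer_hack "$1"
fi
```

Compare any HIGH or REVIEW file against a clean copy of the same WordPress, theme or plugin version before removing lines.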