Here’s another WordPress security plugin recommendation! The plugin? Threat Scan Plugin. It has one task and it does it well. It scans all of your files for potential security holes. These holes more often than not utilize PHP eval function, which can allow for an attacker to run malicious code if not sanitized and secured properly. Anything it finds should be uninstalled if possible. After all, the best policy is to trust nothing. As a bonus, this scanner also checks the database (such as the wp_options area) for odd code.
Note that this plugin fixes nothing. It simply alerts you — so it’s up to YOU, the admin, to choose what to do. Again, my recommendation is to remove anything that can be potentially exploited.