Security: Monitor Your WordPress Files
When an intrusion occurs on WordPress, depending on the level of breech, attackers can unfortunately modify your files. Generally, they hide in bits of obfuscated code utilizing evals and / or base64_encode /base64_decode. This is often found in the footer or header php files, or even the single.php file. A lot of attackers even go a step further, and hide code in JavaScript files as well as plugins.
Obviously, this is a pain in the arse to look through manually. There are just so many files (especially on plugin-heavy websites).
That’s why I recommend the following plugin: WP Security Audit Log. It scans all your files for file sizes, date modification timestamps, and utilizes file hashes. If any of these change, then it will alert you by email. It also detects if files were deleted or added too. Note that the scan can be set to use the WordPress cron or a different cron. It can also be set to scan hourly, every 12 hours, daily, or at a custom interval.
Keep in mind that this type of plugin is best installed BEFORE an intrusion occurs so that it can help you play cleanup more easily.