Security: Monitor Your WordPress Files
Obviously, this is a pain in the arse to look through manually. There are just so many files (especially on plugin-heavy websites).
That’s why I recommend the following plugin: WP Security Audit Log. It scans all your files for file sizes, date modification timestamps, and utilizes file hashes. If any of these change, then it will alert you by email. It also detects if files were deleted or added too. Note that the scan can be set to use the WordPress cron or a different cron. It can also be set to scan hourly, every 12 hours, daily, or at a custom interval.
Keep in mind that this type of plugin is best installed BEFORE an intrusion occurs so that it can help you play cleanup more easily.