We manage a number of WordPress websites and the immense popularity of the platform can certainly open it up to malicious coders. I recently noticed that a couple of older websites had become fodder for malware infections. These blogs were both hosted on Dreamhost and I have since discovered that the issue seems limited to Bluehost and Dreamhost at the moment. Many of the files contained the eval(base64_decode code and manually removing the code (or overwrite these files) may provide a temporary fix but the issue is most likely lurking elsewhere.

So after some prodding and poking and browsing online, I came across this post from Sucuri that solved the problem in about 2 minutes.