I do not know how many of you had it … but It happened to me. I recently found two sites that were done on WordPress platform and who were on the same server affected by a Dr.SHA6H. Who is it, and what he does in his spare time … does not really matter, the fact is that the two sites continued to display the text “Hacked by Dr.SHA6H | Fuck All Site” and the content of those sites were inaccessible.
On one of these sites I tried to fix it by reading the files in it. I found something in header.php, functions.php and footer.php. I tried to remove the extra code and I could not get rid of the error. I searched the database and found that it was damaged and trying to fix it, I ruined the structure of it. Finally for this site, I had it fixed by reinstalling a new database and recovery of the remains of the old one.
For the second site I said to ask ‘friend’ Google if someone has been affected and published how to fix this. I have found something useful here and it helped me a lot to fix on the second one.
I have found a widget that I disabled in the Appearence—->Widgets.
I have found Site Title changed and I recovered it from Settings—->General.
I have found UTF7 instead of UTF8 and I restored into Settings—–>Reading.
That was it. The site is now up … unharmed …
I hope it will be useful to you … but it’s better to not need … right?