Collection of most common WordPress malware collected over the years.
Most common custom functions defined within php files that are responsible for malicious behavior such as file modifications, downloading, executing PHP, and scanning files:
restore(); file_man(); edit_file(); save_file(); save_norm(); delete_file(); delete_zpl(); exec_php(); suicide(); make_worker(); manage_file(); download000(); chmod_file(); renew_file(); manual_av(); manual_wp(); make_wp(); copy_zpl(); update_wordpress(); debug_wordpress(); delete_md5(); delete_name();