Thanks for your replies, gents.
I’ve read/pored over some of the resources linked. My main problem is I don’t know how to tell which plug-in could be sending the emails.
I’ve updated/replaced the WP core files with a package downloaded from ww.wp.xz.cn, which makes me think it’s plug-in related.
After working with the host, we’ve deduced it’s an exploit designed to send out mass emails. They can’t tell me the address the “hack” is using or where it’s going; they just know it’s email traffic.
I’m well aware there isn’t anything free or easy and I don’t mind paying. In fact, I’ve just hired a developer to build a new website ($30,000 contract).