My Wordpress install got hacked a week or more ago, and I couldn't work on figuring it out until tonight. Well, it looks like some hacker found out my wp-config.php file had some bad permissions set and he inserted some code in there that basically scanned every php file on my site and injected every php file with code that will redirect users to various malware sites.

It was easier for me to edit every php file rather than re-download all my plugins again (except the W3 Caching plugin - it has about 100 files). I also had to reinstall the theme because it was fully infected, too.

So, everyone, make sure you have proper permissions set on all your files or things like this can happen.