So if you have a WP site that gets “hacked” and you want to search for what files are effected there are a couple nice server commands you can run to make the process of finding the files much faster:
1.) Search your entire site for base64 code
grep -r base64_decode *
2.) Search for files recently changed
find ~/public_html -type f -ctime -7
*This example searches for any files changed in the last 7 days, you can update the -7 to any day amount