Multiples vulnerabilities are used on wordpress to upload a PHP WebShell named AK47. This backdoor is uploaded in a file name wp-log.php in the root folder of Wordpress. The main language of this shell is Chinese. The pirate use it to inject some code from url "http://bewinshell.zrp.li/index.php?r=links&v=STDYd" in your pages, essentialy in the file footer.php from your theme.
This backdoor has the ability to connect on :
Simply check on your wordpress site if there is a wp-log.php file on the root folder : http://mywpsite.something/wp-log.php . If yes, you should have a form with one input ( standard pass is "123x" ). If you get one, please send it at http://openbreach.com/submit/ with a maximum of information, then remove it from your wordpress site. You can get more informations on http://openbreach.com/index/OB-2015-0002