You need to start working your way through these resources:
- https://codex.wordpress.org/FAQ_My_site_was_hacked
- https://wordpress.org/support/topic/268083#post-1065779
- http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/
- http://ottopress.com/2009/hacked-wordpress-backdoors/
Additional Resources:
- http://sitecheck.sucuri.net/scanner/
- http://www.unmaskparasites.com/
- http://blog.sucuri.net/2012/03/wordpress-understanding-its-true-vulnerability.html
If you check you site using Sucuri's free scanner here: http://sitecheck.sucuri.net/. The code is def something malicious.