Every Wordpress bod is going to encounter some malware or security issues. Here are some common tricks to find the backdoor.
Find common backdoors
</>grep -ri "eval" [path]
</>grep -ri "base64_decode" [path]
Find recently modified files
</>find -type f -ctime -0 | more
The -type looks for files, and -ctime restricts your scan to the last 24 hours. You can look at the last 24 or 48 hours by specifying -1 or -2, respectively.
Find PHP files in uploads (for wordpress)
</>find uploads -name "*.php" -print