Well I’ve learned my lesson regarding critical security updates. I’ve been running a couple of version behind the latest for months now.
I then spotted a whole bunch of 404s in Google’s webmaster tools. Really odd links that shouldn’t even exist on my site. So after investigating I discovered that my footer.php was full of spam links.
So I deleted them. Next time I checked they had come back. So I exported my posts as XML and ditched both the WordPress and the database. I then reinstalled the lastest version of WordPress and imported my posts. Next time I will upgrade when a security patch is realeased!
The only remaining problem is the damage done to my search engine listings, I have fallen off the map completely. Googlebot still hasn’t revisted my site since I repaired the damage, so who knows how long before things correct themselves, I have made a resumbission request just in case I’ve been blacklisted or something.