Last week I was reading the official WordPress blog and I came across an interesting plugin: WordPress Exploit Scanner. It basically scans your database entries and site files looking for suspicious lines of codes. On top of that it also looks for suspicious plugins, posts, pages, users and WordPress settings.
Here is a screenshot:
It is worth to run this plugin once in a while, and especially if you believe that a malicious user might have compromised your installation recently or in the past.