I admit. This website, like thousands of others, has been hacked! I still have to identify the precise source of the attack, but I've found out that is very common. I was able to discover about the attack just because the dashboard of WordPress stopped working. I decided to investigate and I found this strind on top of every .php file http://pastebin.com/k0iQymRy
Just googling I discovered that I was not alone http://stackoverflow.com/questions/16963818/server-hacked-on-wordpress-files
How to fix this?
The best solution would be to restore the files with a valid backup, but sometimes this is not possible. Here comes an handy bash solution (note: you need to be able to access your hosting with a SSH shell to execute this command): http://pastebin.com/V3nFwwtZ