
Finding .php files in WordPress Uploads

If your WordPress website has been hacked through SQL injection or a black hat SEO attack, you may see hundreds of blog posts advertising strange products.

One consequence of this type of attack on your WordPress site is that your wp-content/uploads folder is flooded with malicious files named index.php or other *.php files.

You can use the following find command after changing the template paths to match the directory structure on your server. I set up a cron job with this command for each of my WordPress sites.

find /home/account/public_html/example.com -name "*.php" -path "*/home/account/public_html/example.com/wp-content/uploads*" -print0 | xargs -0 stat -c "a:%x m:%y c:%z %n" | sort -k2 > /home/account/wp_uploads_scan_results.md

If the result produces a syntax error with unexpected EOF (End of File), then it means there are no *.php files in your wp-content/uploads directory. This is the desired result.
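The same scan as a reusable function, added here as an example and not part of the original guide: it returns an exit status a cron job can act on instead of relying on an error to signal a clean result. It assumes GNU find and stat, and goes slightly beyond the command above by also matching .phtml, .phar and .php5-style extensions, on the assumption that the web server may execute them; the function name scan_uploads is hypothetical.

```shell
#!/bin/sh
# Added example: report PHP-executable files under a WordPress uploads directory.
# Assumes GNU find and GNU stat, like the command in this guide.

# scan_uploads DIR
#   Prints one line per match, "m:<mtime> c:<ctime> a:<atime> <path>",
#   sorted by modification time (oldest first).
#   Returns 0 when nothing matched, 1 when at least one file matched,
#   2 when DIR is missing or unreadable.
scan_uploads() {
    dir=$1
    if [ ! -d "$dir" ] || [ ! -r "$dir" ]; then
        echo "scan_uploads: cannot read $dir" >&2
        return 2
    fi

    # -exec ... {} + hands names directly to stat, so file names with spaces
    # are safe and stat is never started when there are no matches.
    # Extensions beyond .php are an assumption about the server's PHP handler.
    report=$(find "$dir" -type f \
        \( -iname '*.php' -o -iname '*.phtml' -o -iname '*.phar' \
           -o -iname '*.php[0-9]' \) \
        -exec stat -c 'm:%y c:%z a:%x %n' {} + | sort)

    if [ -z "$report" ]; then
        return 0
    fi
    printf '%s\n' "$report"
    return 1
}

# Stand-alone use: sh scan_uploads.sh /path/to/wp-content/uploads
# (the script name and path are placeholders).
if [ "$#" -gt 0 ]; then
    scan_uploads "$1"
    exit $?
fi
```

With most cron daemons, any output from the job is mailed to the account owner, so a clean run stays silent and a hit produces a report.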

Sources: https://jparks.work
