Yes, when anyone requests a wordpress post, it immediately requests the readme.php. I can see this using weblog analysis of the paths that each user takes, and the readme.php is the next file accessed by everyone that requests a post. I have replaced the readme.php with one without any code in it to protect my visitors.
I have searched through hundreds of files, both manually and by keyword, and have not been able to find any malicious code, although I may not know what to look for. Which .htaccess should I look at, the root directory one, or others that are in other folders? What would I find? A redirect to an external URL?