• I have a site that recently got hacked. I finally found the problem. I noticed the hacking when the admin pages were not displaying properly; CSS files loaded by load-styles.php were corrupt.

    The problem is a file called satan.php that is a shell virus; it can execute commands for the hacker in the shell. It showed up in several directories in the plugins directory: Box THeme, Box THeme1 to Box THeme5, Satan, Satan1, and maybe Theme. These are not valid plugins and will not show up on the plugins page. There were also zip files for each of these ‘plugins’ in the uploads directory. I deleted all these files and directories and restored wp-admin and wp-includes from backup, and the problem has gone away, for the moment.

    Be forewarned!

    As to a question, should I set the protection of the uploads directory to 400 to prevent this from happening again? I think the hacker used anonymous FTP to copy the zip files in, as well as a script to unzip them, which he then deleted.
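
An added example, not part of the original post: a Python check for the two indicators described above, namely directories under plugins/ that WordPress would not list because no top-level PHP file carries a "Plugin Name:" header, and PHP or zip files under uploads/. The function names, the sample tree and its file names are constructed for illustration; the wp-content layout is assumed to be the default.

```python
import os
import re
import tempfile

# WordPress lists a plugin only when a top-level .php file in its directory
# has a "Plugin Name:" header within the first 8 KB of the file.
HEADER = re.compile(rb"^[ \t/*#@]*Plugin Name:", re.I | re.M)

def has_plugin_header(plugin_dir):
    for name in os.listdir(plugin_dir):
        path = os.path.join(plugin_dir, name)
        if name.lower().endswith(".php") and os.path.isfile(path):
            with open(path, "rb") as fh:
                if HEADER.search(fh.read(8192)):
                    return True
    return False

def unlisted_plugin_dirs(plugins_root):
    """Directories under plugins/ that would not appear on the plugins page."""
    return sorted(d for d in os.listdir(plugins_root)
                  if os.path.isdir(os.path.join(plugins_root, d))
                  and not has_plugin_header(os.path.join(plugins_root, d)))

def suspicious_uploads(uploads_root, exts=(".php", ".phtml", ".zip")):
    """PHP scripts and zip archives under uploads/ (leads to review, not proof)."""
    hits = []
    for base, _dirs, files in os.walk(uploads_root):
        hits += [os.path.relpath(os.path.join(base, f), uploads_root)
                 for f in files if f.lower().endswith(exts)]
    return sorted(hits)

def build_sample_tree(root):
    """Constructed sample tree mirroring the layout described in the post."""
    files = {
        "plugins/example-plugin/main.php": "<?php\n/*\nPlugin Name: Example\n*/\n",
        "plugins/Satan/satan.php": "<?php // placeholder, no plugin header\n",
        "plugins/Box THeme1/satan.php": "<?php // placeholder, no plugin header\n",
        "uploads/2020/01/Satan.zip": "",
        "uploads/2020/01/photo.jpg": "",
    }
    for rel, body in files.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(body)
    return os.path.join(root, "plugins"), os.path.join(root, "uploads")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        plugins, uploads = build_sample_tree(tmp)
        print("unlisted plugin dirs:", unlisted_plugin_dirs(plugins))
        print("review in uploads:", suspicious_uploads(uploads))
```

To check a real site, pass the paths of its own wp-content/plugins and wp-content/uploads directories to the two functions instead of the sample tree.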

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘I got hacked, saatan.php’ is closed to new replies.