WordPress Hack – How to Prevent

Hello all,

an old client of mine was hacked yesterday. The following code was loaded into the root index.php (not theme).

[ Please do not post malware/exploit code here. ]

I was able to replace and fix, but interestingly enough, another site on the same host that was static/Dreamweaver code was also hacked.

My question is, what can I help them do to prevent this and how was this done? The server itself is pretty locked down – for example I can’t automatically update WP with them as they have the PHP Exec disabled. The host is of no help and basically shrugged their shoulders at the incident.

Any tips appreciated!