Just want to ask if there is a known source of this site hacking problem we are having. Mainly on sites which have been 'given over' to clients to maintain themselves and they haven't updated !
I have spoken to Namesco where most of the sites are being hosted on, they suggested updating (which I did - some sites not on php5 so have done that too.) and stripping the hacking script out , which I have done. i have also looked any plugins that were on the sites. And made sure the was an api secret key added (so that it forces a re-log in).
Looking at plugins on the sites which were hacked, I cannot see any common ones, could they be getting in through TinyMCE Advanced, I have de-activated it.