Last week my site was hacked. Multiple wordpress files had the following code appended at the very end:
This was in many wp-*.php files. I wiped my entire websites http root and installed the latest version of WP (2.3.3) since I was running an older version and I knew there were security fixes. I thought I was covered, until last night the same exact exploit was performed on my site. Again, this is a 100% clean 2.3.3 installation. I'm 99% confident this has nothing to do with a password hack or any type of internal access since the js code is haphazardly appended to the end of various files. The only way I even noticed this "hack" is because the code invalidates/breaks my rss feed.
I found one prior instance of this hack on this board, and it was with an older version of wordpress. I have NOTHING else installed on this site, wordpress 2.3.3 is the only files in my http root. The ONLY plugins I have installed or even on the server are Askimet and Feed Locations.
Aside from changing my passwords (which I'm certain will not close this loophole), is there any way to prevent this from happening?