an old client of mine was hacked yesterday. The following code was loaded into the root index.php (not theme).
[ Please do not post malware/exploit code here. ]
I was able to replace and fix, but interestingly enough, another site on the same host that was static/Dreamweaver code was also hacked.
My question is, what can I help them do to prevent this and how was this done? The server itself is pretty locked down - for example I can't automatically update WP with them as they have the PHP Exec disabled. The host is of no help and basically shrugged their shoulders at the incident.
Any tips appreciated!