A few years ago, I got hit with a base64 attack, where code was injected into every php file on my wordpress site.
I never got an explanation for how an attacker was able to alter my php files. It was not through ftp/ssh password/login, I was able to rule that out by looking at login logs.
So how could anyone get to my php files?
How can I make sure it never happens again?
Why did this only affect my WordPress sites, not my other php sites?
As always, any information or assistance will be extremely much appreciated.