I run a few blogs and some of them have been compromised by hackers. I discovered foreign links within my articles as well as the sidebar, typically cialis and pill links.
I already have removed those foreign links and changed passwords (mysql, cpanel etc.), however I cannot help but wonder how did they get through. From what I've observed, they haven't actually gained access to WordPress; they altered the database directly. Template and WordPress files were left unchanged. In some cases, links were inserted into <img> tags, thus breaking them, which leads me to believe that links were inserted into post_content data randomly.
I have searched, however I am not sure what search terms to use; most results are ambigious.
I would appreciate advice on how to protect my blogs from these attacks; or at least proper search terms that I can use.