I just got Mark's Security Alert about php.net-this stuff happens to the best of us.
I installed Wordfence on my oldest (master WordPress) site shortly after its first release and was amazed at the malicious code spread across half a dozen themes! Wordfence replaced the hacked files with the originals and what Wordfence couldn't fix we deleted.
Its not the only security plugin I use, but this plugin is my FIRST line of defense. Mark and his team continue to do a top-notch job with speedy updates and timely Security Alerts. No one should build a WP site without it. Well done!