Hello, I work in a hosting company and every day i see a lot of hacked accounts and inserted base64_decode( in it, ometimes even when they are with the lattest version of everythng and not instaleld a lot of templates and plugins. This is a big problem, because by these shell scripts there is a lot of spam and the ip addresses ae in blacklist after that and the customers can't send emails. Also it's awful everyday to clear user's accounts and loss our time in this.
Can you tell me do you feel the same thing and is there a number of things that can help to stop these (also this post is mainly to the wordpress developers), because I thinks it's security holes in the application. Thank you in advance and best regards from Bulgaria!