Atomicorp

I've recently had a number of wordpress sites on my server compromised. I am pretty sure the sites weren't running the latest version of wordpress though. All of them seemed to have one thing in common, various integral files at encrypted code injected at the top of them. While ASL blocked the infected files from executing, because of the nature of the infected files, they also stopped the websites from working.

How can I prevent malicious code injection?

I've scanned a couple of properties and see malicious files uploaded pretty recently as well

if the files have been changed that means they edited the files. when this has happened to us its because they guessed a password and logged in to the shell.