I have many WordPress sites hosted in a Bluehost shared hosting environment. Recently, when I searched for one of the sites in Google, it said "The site might be compromised".
I got alerts from Google Webmaster about a script in one of the WP sites. When I checked the sites, I found some links in the footer mentioning "myteenmovies.net" and one other site. Whois information showed they were Russian sites.
I also found some other PHP files with weird names: wxwz.php, xypz.php, etc. The PHP code was encrypted with something like eval(gzuncompress(base64_decode())). There was another file which had a comment "#Web Shell by orb".
I understand that the hacker has got complete access to my server (with the web shell script). All the sites are quite old (about a year), WordPress 2.5. Permissions are 755. Can anyone guess or advise how the hacker uploaded the files? FTP/SSH/cPanel passwords are quite strong. Any other ways?
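
Added example, not part of the original post: a small Python sweep of a web root for the three indicators the question describes (the eval/decode chain, the "Web Shell by" banner comment, and odd short PHP filenames). The function names, reason labels and the vowel-less filename heuristic are assumptions made for illustration, and the sample tree is constructed and inert.

```python
import os
import re
import tempfile

# Decode-and-execute chain as in the post: eval(gzuncompress(base64_decode(...)))
EVAL_CHAIN = re.compile(
    rb"eval\s*\(\s*(?:(?:gzuncompress|gzinflate|str_rot13|base64_decode)\s*\(\s*)+", re.I)
# Banner comment such as "#Web Shell by orb"
SHELL_BANNER = re.compile(rb"web\s*shell\s+by\s+\w+", re.I)
# Heuristic (assumption): short vowel-less names like wxwz.php / xypz.php
ODD_NAME = re.compile(r"^[b-df-hj-np-tv-z]{4,6}\.php$", re.I)

def scan_tree(root, max_bytes=1_000_000):
    """Return {relative_path: [reasons]} for PHP files matching any indicator."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(".php"):
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    data = fh.read(max_bytes)
            except OSError:
                continue  # unreadable file: skip rather than abort the sweep
            reasons = [label for label, hit in (
                ("obfuscated-eval", EVAL_CHAIN.search(data)),
                ("webshell-banner", SHELL_BANNER.search(data)),
                ("odd-filename", ODD_NAME.match(name))) if hit]
            if reasons:
                findings[os.path.relpath(path, root).replace(os.sep, "/")] = reasons
    return findings

def build_constructed_sample(root):
    """Write a small constructed, inert tree so the scan can run offline."""
    samples = {
        "index.php": "<?php require 'wp-blog-header.php'; ?>",
        "wp-content/wxwz.php": '<?php eval(gzuncompress(base64_decode("Q09OU1RSVUNURUQ="))); ?>',
        "wp-content/uploads/tool.php": "<?php #Web Shell by orb\n?>",
    }
    for rel, body in samples.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_constructed_sample(tmp)
        print(scan_tree(tmp))
```

A filename match alone is a weak signal; the content matches are what justify pulling a file for review and checking its modification time against the web server's access logs.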