[wp-testers] Default.widgets.php Hacked? What to do?

Otto otto at ottodestruct.com
Fri Jul 24 13:24:04 UTC 2009


While I know that there are viruses that can steal your FTP
credentials from common software programs, are you sure that that is
what is going on here?

The most commonplace method I've seen to inject this sort of thing
into files is simple shared hosting with poor security practices. Once
a hacker gets into one site on the server, he can run a script that
simply searches for *.php or *.html and injects his code into anything
it finds. Thus he's got his code on dozens or hundreds of sites
instantly. Make the script run every so often, and you keep getting
"hacked" over and over again.

The solution in this case is twofold:
1. Correct the permissions. 755 or 644 for everything. Unfortunately,
sometimes this is ineffective (poor security config tends to be
*really* poor).
2. Switch hosts to one that knows what they're doing.

While I don't doubt that people have gotten hacked based on stolen FTP
creds, it seems more likely to me that this sort of code injection is
done via bad shared hosting instead.

-Otto
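As an added example (not part of Otto's post or of WordPress itself), here is a small POSIX shell audit that implements step 1 above: it lists every directory that is not mode 755 and every file that is not mode 644 under a WordPress tree, counts the world-writable entries that make cross-site injection on a badly configured shared host possible, and can reset the tree to 755/644 once the report has been reviewed. The path, function names and the assumption that PHP runs as the file owner (so 644/755 is sufficient for the site to work) are mine, not the post's.

```shell
#!/bin/sh
# Added example, not code from the wp-testers post. Audits a WordPress
# install for permissions other than 755 (dirs) / 644 (files) and counts
# world-writable entries. Assumes a POSIX find/chmod and that PHP runs
# as the files' owner; the path argument is supplied by the caller.

# Print every path whose mode differs from the expected one.
# Usage: audit_perms /path/to/wordpress
audit_perms() {
    root="$1"
    # Directories that are not exactly 755
    find "$root" -type d ! -perm 755 -print
    # Regular files that are not exactly 644
    find "$root" -type f ! -perm 644 -print
}

# Number of world-writable files or directories (-perm -002 = o+w bit set).
# On a shared host these are the entries any other account could modify.
count_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -002 | wc -l | tr -d ' '
}

# Reset the whole tree to 755/644. Run only after reviewing audit_perms
# output, and re-run audit_perms afterwards to confirm nothing drifted.
fix_perms() {
    find "$1" -type d -exec chmod 755 {} +
    find "$1" -type f -exec chmod 644 {} +
}

# Stand-alone usage: ./audit.sh /var/www/wordpress (example path)
if [ -n "$1" ]; then
    echo "World-writable entries: $(count_world_writable "$1")"
    audit_perms "$1"
fi
```

If the audit keeps finding new world-writable files after a fix, that is the "poor security config tends to be really poor" case from the post: the permissions are being reset by something else on the host, and step 2 applies.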

