We got hacked a few weeks ago due to a vulnerability in the WYSIJA (Mail-Poet) plugin for Wordpress, which allowed a file to be uploaded and executed, resulting in ALL our PHP files being infected with an encrypted script at the beginning of them.

Usually on a Unix/Linux based system...