http://phpsecurity.readthedocs.org/en/latest/Injection-Attacks.html

I suspect most of these are code injection, like file inclusion. I think some basics like file/directory write permissions checks would go a long way.
Found this informative too (on Cross-Site Scripting (XSS):
http://phpsecurity.readthedocs.org/en/latest/Cross-Site-Scripting-%28XSS%29.html

On Wed, Feb 11, 2015 at 10:53 PM, Makhanu Sinja <jeysinja@gmail.com> wrote:
Big Sigh! Wordpress sites I have designed are running smoothly

On 2/11/15, Samuel Waithaka via skunkworks <skunkworks@lists.my.co.ke> wrote:
> Another website [that I know] was hacked today. Someone shared this:
>
> http://www.pcworld.com/article/2458080/thousands-of-sites-compromised-through-wordpress-plugin-vulnerability.html
>
> On Tue, Feb 10, 2015 at 8:38 AM, Samuel Waithaka <samwaithaka@gmail.com>
> wrote:
>
>> Seems Kenya Rural Roads Authority - KeRRA are not aware that they've been
>> hacked:
>>
>> http://www.kerra.go.ke/
>>
>> I don't think code those hackers put up is infected though - at least not
>> yet..
>>
>> --
>> Samuel Waithaka
>> http://twitter.com/samwaithaka
>>
>
>
>
> --
> Samuel Waithaka
> http://twitter.com/samwaithaka
>


--
--
Kind Regards.
*Makhanu Sinja.*
+254 (0) 72168 0868 || Email me <jeysinja@gmail.com> || @iMakhs
<http://www.twitter.com/iMakhs>

*I do know everything, just not all at once. It's a virtual memory problem.*



--
Samuel Waithaka
http://twitter.com/samwaithaka