by wingo 5962 days ago
Replacing eval with alert/echo is a nice technique, one I hadn't thought of.

Thankfully I haven't had to think of it in years; their conclusions (basically, more logging and keeping up-to-date) would be valid if it weren't Wordpress itself which is usually the attack vector. It's better to use something else entirely.


I'm not convinced that using Wordpress is what directly caused this. From the article, this was a "quite popular website". If someone from, say, Google, got a keylogger on their computer, especially one that directly faces the internet, I would be considerably more inclined to assume it was a targeted attack, rather than just a random infection.

Just telling someone to use something else doesn't help at all. Telling a user to stop using Windows because they get infected often may help if they were simply downloading stuff they shouldn't, but if they were actually being attacked, moving to Linux, since they will know much less about keeping it even remotely secure, would lead to a potentially far more dangerous infection.