Last year I did not update my WordPress installations, and as a result I'm seeing malicious scripts being injected into my WordPress directory structure. If I were not using Namecheap hosting, I might not know about it at all, and I would have various DDoS and spam scripts on my hosting, I guess.

Example detection:
Code:
  '[PHP Exploit [P0233]]':    /home/*/public_html/*.info/wp-content/themes/twentyten/sidebar-footer.php
I think that, thanks to a vulnerability in WordPress or in its theme, someone was able to upload the malicious script sidebar-footer.php ...

But I got the above notification from Namecheap; I think they are using the ConfigServerExploit scanner.

What is the best way to prevent these injections?