Site hacked! Found "base64" in 2 files

[jmagro]

FOUND IT! When I did a search before for the base URL, I wasn't getting any results but now I am. I searched location.href and it came right up. Those F-ers added a php include into my index.php file that pointed to a php file in my \images\ folder.

My question now is how do I stop this from happening again? Will the previously mentioned security fixes do the trick? I also changed the admin user and password but should I have my client change their webhost logins too?

Also, thank you thank you thank you!