Originally Posted by saran_redhat
Is there any other way to find out how the malware attack happened all my websites.
Like I said before the main reason is running outdated versions of software, third party plugins or not running software like it should be. The latter includes issues like running all web sites in the same shared hosting environment, web servers running default configurations, PHP configuration allowing dangerous HTTP methods, lax file access permissions, installers that aren't cleaned up, unrestricted access to management interfaces, leeched FTP credentials, compromised SSH accounts, no hardened PHP, web no application firewall, no testing whatsoever, etc, etc.
There is no single configuration setting, not a single task to perform and not a single process to run to "fix things": the base has to be sound to have any effect and continuous auditing and maintenance are required. Start by assessing if the OS is properly configured, hardened and maintained, then assess if everything in your web stack is hardened and always up to date, then audit and test your setup.