3.2.1 Most recent Attacks

I have 40+ Websites running wordpress. I want to learn how to prevent future attacks.

They change the admin passwords and e-mail.
The only file affect was index.php on the theme.

To prevent future attacks I deleted the following files:
..wp-admin/theme-editor.php
..wp-admin/users-edit.php

Using the following code they edited the theme.
Attack log:
Logged user: admin
Date: 08-10-2011 08:29 am UTC
IP: 2.89.213.208
Country: Saudi Arabia
Theme attacked: default
Link: /wp-admin/theme-editor.php?file=/home/xxxx/public_html/wp-content/themes/default/index.php&theme=default&a=te&scrollto=722

Please advice.