There are many ways attackers can insert this malicious code on your site. We recommend the following steps to secure your site:
1) Review your hosting account to ensure that it does not contain any additional malicious content.
2) Update any applications your website uses to their latest versions (e.g. WordPress, Joomla, etc).
3) Update all themes, plugins, and extensions to their latest versions.
4) Change all your account passwords (i.e., cPanel, FTP, database etc).
5) Update your anti-virus and scan your local workstation for signs of compromise.
6) Consider using website security software like Website Security to scan your site for vulnerabilities and compromises.