Originally Posted by toonpornblog

Is your copy of wordpress current? Do you run anything else on it? Is this a shared WebAir system?

It's pretty trivial for bad permissions or weak permissions to let people fuck with your stuff. When I was (shortly) with webair, shared7, the machine I was on, didn't use suexec/phpsuexec, so everyone ran on the webserver as the same PID.

It'd be really trivial for someone to execute find, steal your password info, modify or insert their own administrator password hash, and log into your WordPress. I estimate maybe three seconds with one single script that globs recursively.. if server7 isn't down every 10 seconds these days.