Went to put up a link to my site on Facebook in a comment box, and it brought up the site but all the text describing the site had all this viagra advertising and such in it. So, I go check out my header.php and someone has injected the following right before the <body> tag:
[ Spam links and code removed, no need to copy that here ]
How the heck they they do this...this makes me very unhappy and raises a security question with wordpress for I always change the password on a regular basis for admin login??? Any ideas????