My WordPress site was recently hacked into. The hacker published a post under a second user account that I created a few months ago for a friend to write posts. I'm not sure how they were able to gain access. The only thing I can think of is that my friend set an easy to crack password.
So my question: is there any sort of WP log/record I can check to see what IPs have tried accessing my wp-admin login page? I've since deleted my friends account, deleted the post, and changed my passwords. Any other suggestions? Thanks!