Last month I set up a WordPress installation on a shared server.
I logged on today, to discover it had been hacked.
I reset the salt, changed my password.
I checked all the files, the only change to the site seems to have been the replacement of header.php in the twentyeleven theme.
I restored the original and the site now looks OK.
I am still trying to learn WordPress, and am developing the site.
It only has 2 registered users with reasonably strong passwords.
Does anyone have any idea how this may have happened?
Is there any inherent weakness in WordPress?
This has not exactly filled me with confidence.
I have not had any other problems, apart from attempts to post spam on my Bulletin Board.