My site has been hacked like crazy lately (they get in and replace the index page, along with deleting a few random WP files, see http://www.whatsonxiamen.com/), and after changing my password twice, it's still happening. I have been talking to the tech support for two days about this, and so far they have said they are secure and any flaws are mine.
Today, they said that they've checked and my PHP scripts are outdated. I used to run TinyBB, but since the first hack (when the entire script's folder mysteriously disappeared), I didn't bother uploading and installing it again.
I use WP 2.0.2. Since I'm not PHP coder, all I know is WordPress does not connect to my server using my account (as in my server account) username and password. Am I right in assuming that?
I do not use file uploading through WP (how would I secure that, if I did?).
So. My question is, is there really a flaw somewhere in WP 2.0.2 that I've not read about, or is my server host just trying to deflect the blame for lax security? And if they are, could anyone please try to help me explain that to them in a very technical manner while implying that they were raised by baboons?
I really need help (or thoughts and opinions) here. I run a community site by myself and I don't really have time for this and it's 3.30am and they won't give me a good answer and I'm really really frustrated because they've not given me good answers for two days and I haven't had a hell of a lot of sleep because I stay up late trying to solve this and then I get calls in the morning from people who use the site to tell me it's been hacked.