From the hacking perpective they definitely seem to be exploiting some feature of wordpress to do it. The only part of my site which was affected was within the wordpress installation. I'm guessing it was some sort of a batch job because they didn't do any damage to the site contents even though they clearly broke into the account database and hacked/modified the password to the admin account. If this was a deliberate hacking attempt designed to take down the site they could've done a lot more, I'm guessing it took about a day before I noticed the site had been hacked.
Thanks to everyone who helped out here. Bernard, I'd already checked out the hardening wordpress post, all that stuff outlined there was in place on my site before it got hacked. I'll read the rest.
Changing my theme is a problem even though I've been thinking of doing a total redesign lately. That theme is my own theme which I created for my site. Subsequently I published it and it has been used by many others but I'm curious now that if perhaps by publishing the theme I use has made me somehow suseptable to this type of hackjob.
Anyways, I've backed up everything now and I'll make a point to do monthly backups of my site. I've contacted Hostmonster and told them about the hacking but since I'd already cleaned up there was nothing they could see...