As DeepJava says, clean up local machine first. (rootkits, keyloogers). One way that hackers get in to your data base is by making randon queries to your website and reading the information Apache provides in error messages. You can make an error page (html. Or I suppose a page on wordpress) In htaccess file place this lines:
allow from all
ErrorDocument 400 /errorPage.html
ErrorDocument 401 /errorPage.html
ErrorDocument 403 /errorPage.html
ErrorDocument 404 /errorPage.html
ErrorDocument 500 /errorPage.html`
I've just put all the error codes so you don't have to look them up. Test this by typing your url then anything like
mydomain.com/anything and see what happens.
Forms are used to get the Apache server to deliver error codes. Remember you can upgrade, or reinstall, at anytime - just tell the automated response to - do it anyway.