There is no way to tell really. Could be anything
– Unsecured server
– Exploited Plugin / Theme
It is worth reading http://codex.wordpress.org/Hardening_WordPress. WordPress itself is pretty hacker proof (Most of the time). The developers make sure things are going pretty good. Most of the time it is add-ons or the server itself
Do you have acces sto the server logs? You can always ask your hosting company as well. It is always good to report your site being hacked so your hosting company can find and fix any issues on their end.
Thread Starter
satpan
(@satpan)
Thanks Justin. My log in to Hosting cpanel is ok. Still i will contact them but i think it might be a bug or hole in wordpress or plugin.
I am sure it is not a bug or a hole in WordPress (Though it could be). I am sure it comes from the a plugin or theme. Just because you can log into Cpanel does not mean that they did not access through your server.
Thread Starter
satpan
(@satpan)
Thanks again Justin. I’m contacting my server-host for any security issues on their side.
@satpan: Work your way through these resources and follow all instructions to completely clean your site or you may be hacked again. See FAQ: My site was hacked « WordPress Codex and How to completely clean your hacked wordpress installation and How to find a backdoor in a hacked WordPress and Hardening WordPress « WordPress Codex.
Change all passwords. Scan your own PC. Use http://sitecheck.sucuri.net/ before and after.
Tell your web host you got hacked; and consider changing to a more secure host: Recommended WordPress Web Hosting
