I went and had a look at the PhP dm_wfLogins
And there are a bunch of login attemps
aaa, admin, administrator...it goes on for many many pages. So somebody worked hard at cracking this....
I have a 26 character password which obviously helped
But they added some redirect and although they can't access the site, neither can I.