I look after a fairly popular site powered by wordpress which may have had a security breach today - certain pages have been getting trashed without anyone who should have access doing so. When I restore the pages and check the "last edited by" info just under the edit box it tells me a username and a time when the last edit took place, but this person was not themselves responsible for trashing the page, unless their account was compromised.
Is the information saved anywhere in the DB which would tell me which account was definitely used to trash the page, or would this "last edited by" info definitely be the account?
Obviously all passwords have since been reset etc. Any info much appreciated.