I got an email from my WP site (wordpress@..
Subject: Password Lost/Change
Password Lost and Changed for user: admin
I went to the site and couldn't log in, I tried to retrieve the password but "Sorry, that user does not seem to exist in our database.", that user being Admin. I checked the database and I'm pretty sure the wp_users table was empty (I was in a bit of a panic but pretty sure)
On the site I then noticed the lastest post had been edited to...
hax vs YOU
hax was here, hax fucked you, please no 3war ras
which seemed to sum up the situation.
Back to the database; I now see one user, admin, email listed as [ Redacted ] and user registered 2006-06-09 16:07:10. I have now changed that account and regained access but I see no reason why they shouldn't be able to do whatever they did again whenever they want.
I need to know how this happened, I have a few wordpress sites and this could happen to any at any time...
anyone have any ideas?