Came across a little BlackHat SEO injection yesterday , just wanted to share it and see if anyone else has experienced this.
found the following code in HEAD.php
also found the following user added as an Administrator
systemwpadmin / firstname.lastname@example.org
Had the guys at Sucuri clean the site ( awesome service ! ) and it appears that only the HEAD.php file had the injection
WordPress is up to date
plugins up to date
theme up to date
Hosting is 4G by Godaddy
No default admin account
password for admin and DB are 18 character alpha numeric
thought I had all my bases covered with the above but somehow the code got in
just curious , any thoughts as to what the attack vector could have been ?