An unknown user registered on my website with the user name of "admin1" and an unrecognizable email address. I was affronted by the use of that user name, but emailed them to find out what was up before I took any action. I just checked back on the site and the rights for that user were changed from subscriber to administrator without my knowledge or permission. I IMMEDIATELY deleted that user. A programmer I work with suggested it was an SQL injection. Question is, how do I keep that from happening again??