I have an up-to-date installation, having rebuilt it from scratch after a hack last May on a new server and IP, and adding several security plug-ins based on recommendations in the forum and documentation: the site is pretty well locked down.
Simple login log has recorded a number of unsuccessful brute force attempts to login as "admin" but it also records a successful log-in by "systemwpadmin" with a id88888 and a Russian IP. I can't tell whether the access was at admin level or not, and have spent hours looking for any clues as to what may have been changed: core files and template (artisteer) seem fine and there seems no trace otherwise of a hack. The database doesn't seem to have any base64_, eval or strrev strings anywhere but I would like to know if there is a good method to scan the database for hacking attempts.
A google search indicates the same username has apparently attacked other sites but there is no follow-up information.
I would welcome any suggestions as to what may have been tampered with, or how best to proceed as I am somewhat frustrated and disheartened.
Many thanks in anticipation.
ps. I can't really add htaccess to wp-admin as I will need to give access to several authors/editors