rocknbil - 4:13 pm on May 29, 2012 (gmt 0)

If you're sure it's not your passwords, how about the FTP passwords? How secure is **your** computer, and is the AVG up to date? Sometimes the point of access is your computer.

Most (but not all) Workpress hacks manifest themselves as files (index.php and .js files, specifically) being injected with malicious Javascript leading to a compromised server that installs a malware on the client host. With files being deleted and new admin level users appearing, you may have something more serious on your hands and it's very likely Worpdress itself is not the entry point.