g1smd - 8:27 am on May 10, 2009 (gmt 0)
Make sure all your software is up to date: Apache, PHP, FTP server, Wordpress, etc. Check your .htaccess and .htpasswd files for unauthorised modifications. Clear out all those new files, and change passwords, then speak to your host about the hack. It might be server wide, not just you.