In a follow up to this post a timely reminder that WordPress installations must be secure.
Hackers have developed a distributed WordPress admin account cracking scheme that poses a severe risk for the security of blogs whose owners select insecure passwords.
PHP scripts located on a virtual server run bruteforce (password guessing) attacks on targeted sites. Many sites can be attacked at the same time by the system, with results written into an associated database.
Having a non standard login (i.e. not administrator) and a long alphanumeric password are easy steps to take, as well as restricting administrative changes to a particular IP address