My blog has been hacked twice in the last week

My blog, relatively tiny and with little traffic, has been hacked twice in the last week. I tried to log in and was greeted with an “invalid password” message. I thought that was odd because I had the admin password saved in a text file and hadn’t changed it. I did searches and found out how to reset it via PhpMyAdmin, and did just that. It looks like the hacker goes in and changes the admin user name, email address, and password.

At first I figured it was a fluke and may have been explained because I was running a few versions behind. It just happened again and I am updated on the most recent version. So, what’s the story here?

This time it was a little more serious as he deleted the ‘index.php’ from the theme and uploaded a page laughing about hacking my site.

How are they doing this?

Here is a link to a screen shot of the users table in PhpMyAdmin. It shows what they’re changing. Image

I have backups but the hassle of this is totally annoying and I really cannot figure out how it’s being done, so what’s to stop them from just doing it again, over and over?

Like I said, I upgraded to the most recent version of WordPress, so if there’s a hole in WordPress that they’re circumventing, I have no way to stop it. I don’t think they’re getting in via cPanel as that password is not altered. The admin user name on my site is unconventional, and the password is 13 characters of completely random, unguessable gibberish.

Any ideas? I’d appreciate anything to help put an end to this.