Site attacked with WordPress 3.0

There’s no evidence to suggest that the loophole was in WP 3.0. It could have come from anywhere on the server.

Most probably you had a backdoor hidden in there even before you installed WP 3.0. Try searching for .php files inside wp-content/uploads, since these is a common place to have backdoors hidden.

If you had spam on your blog, this article show some techniques and tips how to fix it:
https://blog.sucuri.net/2010/06/cleaning-spam-from-your-wordpress-blog.html

I am cleaning up numerous websites (all WP based_some with WP 3.04-some inactive) that are all belong to an server account with multiple domains. It appears that the rogue files were uploaded on Dec 17 2010 and somehow activated in the new year with rewrites taking place just after 12 am Jan 1 2011. There were 2 php files in the main directory of the sites that ended up modifying my index.php files. Is there somewhere that I can get some assistance with security for this? My server support seems to be shrugging their shoulders.
Thanks, Terry

See:
https://codex.www.ads-software.com/FAQ_My_site_was_hacked
https://www.ads-software.com/support/topic/268083#post-1065779
https://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/
https://ottopress.com/2009/hacked-wordpress-backdoors/

Otherwise, please post a new topic.