Okay, I have a small, un-obtrusive website for friends and family at netsua.com, which is a sub-domain of teentechbuzz.com. And two days ago, we were hacked. How? I don't know. Both sites were using a slightly outdated wordpress. We updated it, we changed the password, they still got in. All they did (at first) was make an index.html that overrided the index.php.

We had a little fight like this for a day or two, then we tried wiping out the database. It didn't work, they still got through. Then they wiped out all of the files on my site. (netsua.com) Luckily, I had backed them up the day before, and they're safe and sound on my computer, but I don't know what to do.

They are still able to get in, even after changing the password 2, 3, even 4 times. I'm at a loss. Please help me! I'll answer any questions with more details! Is this a bluehost problem? Should I be calling them requesting them to fix this security hole, or is it my fault? Please help!

Are you using any plugins? Are there any files you don't recognize on the site?

I was, and then I disabled them. Any files? Well, now they've deleted all the files - at least for my subdomain. I'm not really sure what to look for, though on the main domain.

Not sure if this helps, but here is an official link on how to secure your installation: http://codex.wordpress.org/Hardening_WordPress

___________________
http://phaselight.com