So wordpress installs everywhere have been under pretty heavy attack, and the attack seems to be evolving – they’re reading the same pages we are to remove the hacked code.

I found a good way to check if you’re hacked is to install noscript (http://noscript.net/) firefox extension.

Then navigate to your “Users” page in wp-admin and if you have been hacked into you’ll see extra admin users (in my case three). They are well created using names from your email address etc. They can be deleted in the usual way- keep checking to make sure they don’t reappear AND make sure you’re updated to wordpress 2.8.4

This really shows the power and dangers of javascript.