As I write this post, there is an on going and highly distributed, global attack on wordpress installations to crack open admin accounts and inject various malicious scripts.
This attack is happening at a global level and wordpress instances across hosting providers are being targeted. Since the attack is highly distributed in nature (most of the IP’s used are spoofed), it is making it difficult for us to block all malicious data.
To ensure that your websites are secure and safeguarded from this attack, we recommend the following steps:
Update and upgrade your wordpress installation and all installed plugins
Install the security plugin listed
Ensure that your admin password is secure and preferably randomly generated