I have had an inordinate amount of hits on the file admin-ajax.php and discovered a mysterious admin user on my blog.
I have changed my password. Disabled the phantom user and disabled the admin-ajax.php file for short term.
I have also read that changing the htaccess file to include:
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /wordpress/
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /wordpress/index.php [L]
</IfModule>
# END WordPress'
Would keep anyone other than the server from writing to the database but it warned that this fix will preclude me from adding new categories.
Has anyone else had a similar experience? Is there a better solution?
www.businesscardtobusiness.com/blog