The good news about WordPress is that the development team is very proactive and frequently releases updates that patch security holes reported by other WordPress users. The bad news is that this means that frequent updates must be applied in order to keep WordPress secure.
There are several reports indicating that hackers are taking advantage of recent security holes reported by WordPress users and software security companies. Numerous WordPress users are reporting that their site have been compromised. There have been several security updates since the release of version 2.8.0. If you have not updated your site, you need to update it ASAP. The current secure version at the time of this writing is 2.8.4.
With this hack, permalinks may have been changed and a new administrator may be added that could be difficult to remove. Lorelle covers the issues in an articles named, Old WordPress Versions Under Attack. Unfortunately, an “old” WordPress version may be an update that you installed just two weeks ago.
When you apply the update, it is also a good time to update any plugins that are calling for an update on the Plugins page. Most plugins have been updated since the 2.7.x versions of WordPress. Be aware that many older plugins have not been updated and may no longer be compatible or secure. In some cases, they have been abandoned by the authors and it may be time to look for a new plugin.
Be aware that not all attacks on WordPress sites are due to security issues found in the WordPress code. For open source software, WordPress is generally very secure because the development team aggressively goes after vulnerabilities when they are found. Many hacks are due to weak security at hosting companies or the use of weak passwords. There is also a Trojan that is infecting PCs with a virus that sends password files to the hackers. If you use the FileZilla FTP utility and the Trojan virus infects your PC, a security vulnerability in FileZilla may send your unencrypted FTP user names and passwords to a hacker.