help-no-details-given.txt

- Checked your local machine for keyloggers, spyware, etc? A hacker could've obtained your password at the time that you yourself entered it in order to log in, by way of a keylogger or spyware.

- Checked your router to make sure your traffic isn't being proxied somewhere without your permission? If you've become the victim of a MITM attack, or if your router has been tampered with, you'd better just change every one of your passwords to everything, right now, because anything you've logged into since your router became compromised should now also be considered compromised, too (assuming that router tampering or a MITM attack is the case here).

- Checked the security of your server? If the server itself isn't properly secured, and if it's possible for a hacker to directly access your database or your files via a server vulnerability, it won't matter how secure your actually Wordpress installation is. I've seen a large number of servers (even those owned by professional hosting companies!) that aren't properly secured; At least twice before I've actually seen MySQL servers that weren't even password protected at all, whereby anyone could simply ascertain where the server was located, jump in and do whatever they want. If you're using a server like this.. Run away as quickly as possible in the opposite direction; Find a new hosting provider.

- Checked your plugins? The #1 greatest reason for Wordpress sites being compromised nowadays is dodgy, insecure plugins. The Wordpress core itself is actually quite good in terms of security, when it's secured properly and not misused. However, plugins for Wordpress that haven't been properly secure do exist. Are you using plugins? Have you checked through them all?