My sincere apologies, for a number of posts that appeared on this website this morning. If you are subscribed to the RSS feed you may have seen some of them in your RSS reader. These have now been deleted from the website. Please do not click on any links in these posts if you still have access to them for one reason or another.
It appears that someone used a common password guessing strategy to log in to a default ‘admin’ account on WordPress, using perhaps one of the many passwords that have been leaked as attached to my email addresses across various services over the last few years.
I’ve now fixed these vulnerabilities – deleted commonly named accounts and resetting passwords to not allow for this sort of brute-force hack.
Please change passwords often especially if you feel one of your passwords may have been leaked. This is even more critical if you share passwords across services.