It is possible that your saved FTP password in your FTP client were stolen by some malicious code coming from e-mail etc. (worst case is Total Commander – its FTP config file is often a target of lot of mailicious sw), this is most common case (then attacker modifies some template files like footer or header and put there some iframe with/or obfuscated code).

Just try to avoid saving FTP passwords or use some strong password manager for keeping those and filling forms for you instead of saving it directly in FTP app (there is lots of password managers – depending on OS you are using).

I also recommend you to hide WP version you are running and rsd and wlwmanifest if you are not using Windows Live Writer or other external thing to publish or suck data – just by putting these three lines (if you are using Flickr or Twitter or other plugins, use only first line):

remove_action('wp_head', 'wp_generator');
remove_action('wp_head', 'rsd_link');
remove_action('wp_head', 'wlwmanifest_link');

at the end of functions.php in your theme directory, just before last php closing tag – ?>
- it will (partly) prevent attacker from getting to know which version you are running (secondary you need to apply your own login style, since it is changing almost with every version it is easy to guess wp version by its style).

BTW do not upload readme files (even to plugins) etc., it is easier for hacker to get wp version directly – see readme.html or readme.txt in root of your website…

You can also create new admin account with some different name than “root”, “admin” or “administrator” and after creating this admin accout log in to it and then delete “admin” account. WP will ask you what to do with posts, pages and stuff, created by admin. You can convert those to your newly created account just by selecting account from selectbox.

Good luck and happy blogging!

PS: Excuse my language, I am not native EN speaker.

Just try to avoid saving FTP passwords or use some strong password manager for keeping those and filling forms for you instead of saving it directly in FTP app (there is lots of password managers – depending on OS you are using).

I also recommend you to hide WP version you are running and rsd and wlwmanifest if you are not using Windows Live Writer or other external thing to publish – just by putting these three lines:

remove_action('wp_head', 'wp_generator');
remove_action('wp_head', 'rsd_link');
remove_action('wp_head', 'wlwmanifest_link');

at the end of functions.php in your theme directory, just before last php closing tag – ?>

- it will (partly) prevent attacker from getting to know which version you are running (secondary you need to apply your own login style, since it is changing almost with every version it is easy to guess wp version by its style).

BTW do not upload readme files (even to plugins) etc., it is easier for hacker to get wp version directly – see http://www.happysoda.com/readme.html or http://www.happysoda.com/readme.txt

Also create new admin account with some different name than “root”, “admin” or “administrator” and after creating this admin accout log in to it and then delete “admin” account. WP will ask you what to do with posts, pages and stuff, created by admin. You can convert those to your newly created account just by selecting account from selectbox.

Good luck and happy blogging!

PS: Excuse my language, I am not native EN speaker.

This is a pretty common exploit, and thankfully not that difficult to prevent. Good luck to ya.