I recently had a website that was running a clean 2.9.1 install with only classipress theme (modified by me) hacked. They compromised the entire server down to the root level. The site had been "public" for only a fe days. I had user registrations turned on but was experimenting with some other plugins to hide the wp
-admin dashboard and to redirect the login/logout urls. Plus I had recently installed a plugin that lets you set user registration to be "authenticated" (by having the server send an email with a link the user had to click on). I installed that plugin to help combat some registration spam I had seen over the course of the last few days. I deleted about a half dozen user accounts today prior to the hack but I'm not sure if the hack had already been made and was set to run at a specified time. At any rate, I am posting on all boards in order to hopefully track down the issue. I am afraid to even run my site again for fear of it happening again. Any ideas or suggestions would be great.