Being an admin for WordPress is hard. Mainly because WordPress, like very other CMS application out there, has security holes. Those holes allow people access to do something simple or complex. The sites I run, the hacks vary. One day it may be a simple upload/file sharing hack. The next it might be a mass mailer trying to use my server’s mail application for itself.