Botnet attackers have infected 20,000 WordPress sites
-
According to an article on this morning's Naked Security blog published by Sophos to discuss threat news, opinions, advice and research on computer security issues, many WordPress sites have have been compromised using "brute-forcing administrator usernames and passwords".
I know a few here who have WordPress sites, so verify your site has not been infected.
There is no mention of whether or not these are WordPress.org sites or WordPress.com sites so as mentioned, check at least your audit logs. -