Visitors to this web site over the past year or so will know that our web site was cracked earlier this year. (We do not use the word hacker, that is different). We take full responsibility for this lapse in security. Our site was one of the first WordPress sites we'd ever developed at the time and so the development of the site was a learning process for us as much as anything else.
What this naivety meant was that our site was attacked and the WordPress username and password cracked because, out of the box at least, WordPress security is pretty lame.
We took advice from our server hosts who recommended a set of actions to clean out our WordPress invader and then secured our web site with a rather useful security tool. This particular tool, Limit Logon Attempts, will detect multiple bad logins and then block login to the site from the detected IP address for a user configurable period of time.
This particular tool can be configured to email us when a there have been too many bad logon attempts, and also keeps a database of recent lockouts and will deny access to these systems.