There is an ongoing and highly distributed global attack against WordPress websites with the goal to crack the admin account and to then inject malicious code/scripts to the account.
This attack is happening at a global level and WordPress websites across web hosting providers are being targeted. As the attack is highly distributed in nature (most of the IP’s used are spoofed), it is making it difficult for us to block all malicious requests to our network.
To ensure that your WordPress website is secure we recommend that the following steps be implemented:
1) This goes without saying, keep your WordPress install plus any plugins/themes up to date
2) Install this plugin: http://wordpress.org/extend/plugins/better-wp-security/
3) Ensure that your admin password is a good secure password
Here is further reading on securing WordPress from WordPress.org: http://codex.wordpress.org/Hardening_WordPress