On Wednesday I explained how your Joomla site might be exploited
"Just because you keep your server secure and your software up to date you may have been exploited yesterday, ready to be hacked tomorrow."
Today I read an article explaining the exact same thing happening on a Wordpress site. I had tried to explain this to the site owner 6 weeks earlier but...
Oh well maybe they will listen next tie and save time and heart ache fixing the problem.