Defaced – how they gain acces to FTP?

The only way to know for sure is to go through your server’s log files.

Your FTP logs should indicate if anyone other than you accessed the FTP server; if so, then perhaps someone picked up your password, which isn’t terribly difficult since it transmits in clear text. Do you share a network with unknown people? Have you used FTP at an open WiFi location? There are many possibilities.

If you’re on a shared host, then it’s possible that someone else’s site has been compromised and your site’s directory was also targeted. Again, the log files should tell the tale except for the most devious of crackers.

Which plugins do you have installed, dandr69? Are they all up-to-date? In the past, I’ve had my blog defaced due to a security vulnerability in an older version of a plugin.

If your .htaccess file is setup properly – nobody should even be able to view your files, let alone modify them. Get on the web and search for one of the many sites explaining constructing a good .htaccess file and what to put in it to prevent such nonsense.

The file should then be uploaded to your servers root – not the WP root.

Thanks for the advice.
My hosting people discovered that the problem was in my “friends” section, I use PHPizabi for connecting with friends. It gave them complete accesss to the site, including WordPress.

Also this problem was connected with the fact that Register Globals and Safe Mode were both On.

Dandr69, thanks for taking the trouble to post your solution.

Do a search for PHPizabi. You may find that there are serious allegations/history…