It appears this blog got hacked, back in 2011. I ran a security scan a little while ago, and it picked up two files that were suspicious, and indeed they were files that weren’t supposed to be there. The file date was from 2011, when this blog was running at another hosting company. I deleted the files, but I doubt they were doing anything still.
A vexing problem for me is spam user registrations. I have no idea why they do it, but there are dozens every day. I installed a plug-in that is supposed to stop this, including all sorts of puzzles and CAPTCHA’s—totally ineffective. Today I put in a new plugin called “STOP SPAM” that is not only supposed to stop spam comments (not much of a problem here) but also spam user registrations. A new version just came out and I’m impressed and so far no spam user registrations. It even has a security scan.