I received an email just now from my hosting company that they detected phishing files had been uploaded without my knowledge to a couple of WordPress related folders for one of my domains that I don't use or access very often. They said they'd shut down the site if they weren't removed soon so I went in and found the files they mentioned and deleted them. They were all in either WordPress theme folders or plugin folders.
I'm wondering how this happened, is there a better security or access I need to change to ensure that this doesn't happen again? Do I need to change my database or WordPress password for that site? I use extremely random passwords so I'm wondering if that was the case how anyone could get in.
Sorry, I'm very naive and am looking for some answers and solutions and would appreciate any insights, thanks!