Did your site ever had a brute force attack? Are you aware of it? In this post made by Tony Perez of Scuri Blog, he tells the story of how a brute force attack was able to hack into his site and how an unused WordPress theme was used as a medium to to do it. The attack was a defacement of the site, but this is only a part of what the hacker has in store. The good thing is that the attacker wasn’t able to inject backdoors into the site.
As a website owner, the one thing that will keep you from the hacker is to generate a secure password for your site.
Learn the reason and how he was able to safely get out of a brute force attack here: http://blog.sucuri.net/2013/07/dissecting-a-wordpress-brute-force-attack.html