Critical: Someone has logged into my site and installed a theme


As you can see in the screenshots, someone has logged into my site at 5.41 a.m. and installed a theme called the wrc theme viewer.
Here are the full details:
Theme Name: Default
Theme URI:
Description: The default WordPress theme that graced version 1.5 to version 2.9, based on the famous Kubrick.
Version: 1.7.2
Author: Michael Heilemann
Author URI:
Tags: blue, silver, white, two-columns, fixed-width, right-sidebar, fixed-width, custom-header, threaded-comments, sticky-post, rtl-language-support, translation-ready
Text Domain: kubrick

Kubrick v1.5

This theme was designed and built by Michael Heilemann,
whose blog you will find at

The CSS, XHTML and design is released under GPL:


Now the problem is that there already was a theme called default, and it was the directory theme. This theme has completely overwritten the earlier one, and now these sites are not displayed correctly.

Apparently the intruder hasn't done anything other than install this theme.

1. How's this possible? (I've only given admin credentials to people who I trust and I know they wouldn't do this)
2. How to prevent this from happening in the future?

(I have a snapshot so hopefully I can resolve this)

Highly appreciate any advice.