As some of you may be aware the last 72 hours has seen a massive spike in brute force attacks on wordpress sites.
Please ensure that your admin passwords are set to very very strong and make use of as many different character types as possible.
In particular look at your error logs, watch for a lot of failed login attempts.
Use plugins like wordfence that allow you to limit the number of failed login attempts before banning someone.
For more information read here:
I had one of my own sites basically crippled yesterday which resulted in it needing its permissions set to 0 and http being suspended on the server whilst we got the situation under control.