I keep a Wordpress.org blog under my own Yahoo-served web domain. I got an email today that read (I've omitted the names): New user registration on your blog: Username: [omitted] E-mail: [omitted] So I go into my Wordpress dashboard, and this dude has somehow added himself as an Administrator. I deleted him, of course, but how does somebody bust in and plant admin privileges on someone else's blog? Is there nothing to prevent it? I seem to catch all the spam comments with no problem, but it looks like I have to do something more.... Advice?