This is what needs to be done to my word press site based on diagnostics from a security plug in on my site.
Website URL: Poppchiropractic.com
Thank you for contacting the Website Protection Customer Security Advisors.
In review of your site, it appears that your poppchiropractic.com hosting account was compromised on or before August 24, 2011. Logs for this time frame no longer exist which prevents us from finding the root cause of the compromise, however, due to files found in your account it is possible that you were compromised via a vulnerable version of the 'TimThumb' script within one of your Wordpress themes. This has allowed attackers to upload malicious files to the hosting plan. We would highly recommend that you update the versions of Wordpress in use on your site to the most recent version including all themes, plugins, etc. We recommend that you review all site content and files to remove any malicious files and ensure that no further modifications have been made to the site. We would also recommend restoring your database and files from known clean backups that you have kept.
In addition we would recommend you scan your local workstation for any virus or malware content as well as update all passwords such as your FTP, database, and admin login passwords for your application. Due to the nature of this issue it is highly recommended that all site content is removed and a clean installation of your application is performed. Before completing this you will want to ensure to have backup data of all your site content such as images and text. However, you will need to take care to review the backups you make as the attackers may have made extensive modifications to the site content. Re-uploading compromised or altered data could allow an attacker to modify the site once again.
Please keep in mind that you need to use secure passwords. A secure password contains: 7-14 characters in length, upper case letters, lower case letters, symbols, and numbers. This password also should not be based off of any words that can be found in a dictionary or contain your user name. Please refer to the following article for more assistance on generating a secure password: