Did some searching on it.
I'm getting some more WP security pulg ins.
Anyone using Wp needs to check their site. 
Hackers continue to subvert hundreds of thousands of Web pages with IFrame redirects that send unwary users to malware-spewing sites. It was apparently reported that these IFrame redirects have slowed, but they’re still occurring at an alarming rate. A friend of mine, who owns the blog called YourSEOSucks, was recently exposed to the IFrame hack using WordPress 2.7.1.
How it works:
Hackers are likely relying on an automated tool to do the dirty work, the hackers add IFrame code to the saved search results on the sites. The next visitor that uses the search tool is then redirected to another Web site by the IFrame code. The second site in turn puts up a message telling the user that a new codec (coder/decoder) needs to be installed. Accepting the codec takes the user to still another site, which actually hosts the malware — a new variant of the Zlob Trojan horse — and installs it on the victim’s PC.
How to secure your WordPress:
Download Secure plug-in: Remove Error information on login page; adds index.html to plugin directory; removes the wp-version, except in admin area.
Download Security Scan plug-in: Scans your WordPress installation for security vulnerabilities and suggests corrective actions.
If you are using an unsecured FTP client, you are in danger of exposing your passwords to hackers because the passwords are passed between your FTP client and your website in plain text. Use a program like WinSCP, or a FTP client that allows you to connect to your site using SFTP, SCP. Both of these methods encrypt your user name and password, making it much more difficult for a hacker to discover them, even if they intercept them with some sort of packet sniffer.
Lock her down!
