These people sure know how to leave their mark. I should have been careful with my password in the first place, it was too easy. Looking through what they did and then working my way to get my site back, I could figure out the steps they followed:
1. They guessed my password using brute force, or something more clever, like sql injection.
2. Then they proceeded to lock me out of my own site by changing my wordpress login, this step makes me feel they used sql injection.
3.They modified my existing wordpress theme to tell me and the visitors that they were here.
Till now, it seems they didn’t mean any serious harm to my site, but I will have to do some research to really be sure.
unitedroad aka Dhruwat Bhagat