A couple weeks back I noticed that Google had appended a warning to my search results. I tried to fix the vulnerability, with little success. (It seems I'm over my head when it comes to PHP, so I couldn't do much.)

Since then, I've upgraded to WordPress 2.5 (from 2.3.3) and deleted all the user accounts except for mine (I heard there was a bug in WordPress that let registered users mess with the site's files).

When I asked my hosting provider about the problem, this is what they sent me:

It has come to our attention that your web space has been hacked:

access.log.current:203.144.144.164 - - [14/Apr/2008:15:33:46 -0400]
"POST /wordpress/xmlrpc.php HTTP/1.1" 200 163 samnabi.com "-"
"Opera/9.01 (
Windows NT 5.0; U; en)" "87.126.31.177"

I deleted the file xmlrpc.php and replaced it with the newest one from WordPress.

What I want to know is, did I fix the problem, or is there a security hole still in there somewhere? I've got very limited PHP knowledge and if anyone can tell me what I should do, that would be awesome.

following on from what aaroncampbell said - it's probably best to backup your database, delete all your files and reinstall wordpress 2.5 from scratch.

thanks everyone. looks like the problem's fixed for good now, and the search listings have been brought to google's attention so they can review them.