So, few days ago my site was defaced. Freakin defaced.
The method is most likely cookie stealing. Don’t ask me how. Basically there’s no access to wp-login.php which means the culprit was somehow able to get my cookie in one way or another. After got into Dashboard, he went to modify one of wp theme available and do some fun.
Thank god there’s backup available by the host provider (yay). Restored from backup and everything went well.
Disabled advertisements since it’s the most suspicious vector.