WordPress Zero Day Exploit
For information, WordPress recently fixed a critical security two days ago. In a nutshell, any commenter can craft a comment that will execute arbitrary code on your VPS when you view it as an admin user if your site is not patched. All WordPress versions were affected. Only the 4.x branches got fixed. If you haven’t upgraded your WordPress site yet, be sure to do so ASAP.
If you’re unable to update your site due to an incompatible theme or plugin or other, I can direct you to WordPress specialists who can help you out. Until you do upgrade, consider disabling comments on your site to avoid any odds of getting hacked.