WebsiteBaker does not have any intrusion detection on the admin pages, so any brute-force attack can go on for a long time without you knowing about it.
There is a solution.
Read the full article
A vulnerabity was found in WebsiteBaker version 2.8.3 SP5.
The problem was existing in earlier versions too, so action is required.