I don't quite understand a few of WordPress's functions, as it pertains to being hacked.
I have a folder of XML files. When I look at the actual XML files (downloading and inspecting the actual file) - they're fine.
When I browse to the file on the server - it comes back as an HTML document - with "Hacked by so and so" on it.
How is the actual XML file being intercepted and then rendered as an HTML file? Is it that xmlrpc thing? Or?
Is that a function of WordPress?