If running WP site(s) on the same hosting, make sure that they are at the latest version for add-ons and core WP.
If on a shared hosting, check with host and see if mayhap they have had a intrusion that is effecting other shared sites on that server.
If on a dedicated server/VPS, you need to make sure your firewall is configured correctly and your OS is kept up to date and you don't use simple passwords. Further you need to make sure that you have disabled root logins via SSH.
Of course, if they have installed a root kit, you need to provision the server again and then follow standard security practices.