I’m not convinced I solved my problem yet — and am now in the middle of transferring content onto a new installation to make sure — so my first ‘insight’ would be to say — keep your WordPress install relatively up to date. I didn’t and I’m now regretting it.

How can I spot it?

This was fairly easy — I simply looked at the users screen within wp-admin and saw I had one more administrator user than I should have. What is interesting is the nefarious user includes a small piece of code in their username that then hides their line in the users table.

What did you do next?

I actually spotted this issue when I spotted a user kept vanishing as I refreshed my user screen (thanks, Firefox for not being too fast). I used this to my advantage and, after a few attempts managed to select this user and delete them.

Did this solve the problem?

Dunno — I’m getting around it by migrating the fairly minimally populted site to a new server (something I’d planned to do anyhow).

I’m sure this is far from a full explanation on the subject — but I thought it was worth documenting!