Well, it’s only fair to report that my problems with Dreamhost have now been resolved. Not entirely to my satisfaction, but at least the site’s live again.
There still wasn’t much information forthcoming about the reported exploit in WordPress, so I deleted all the remote files at Dreamhost and re-uploaded WordPress. Disabled any plugins that might have included email functionality, etc, etc and changed the passwords.
To make sure I wasn’t violating any terms of service or whatever, I emailed the support guys and told them what I’d done. I asked them to leave the site live to see if the problem would manifest itself again.
Dreamhost support responded to say that they were happy with this course of action and would leave the site alone to see if this happened again. They also advised that after any perceived security breach I should change my access passwords, which I’ve done.
So I’m happy for the moment….