NOTE: Based on my 8 years of answering questions here, if any person or any bot is posting anything to your blog then you have provided them with the ability to do so, either deliberately by adding them as official users, or by allowing them access to your login information, or by posting content that makes it easy for them to guess what your log-in information is.
You may want to ask yourself these questions and act on any answers that pop up:
Who has access to your login information?
Did you use the same password for your email account and your blog and for any other accounts?
Are you sharing log-in information with anyone else or leaving it where anyone can locate it?
Is your password a weak one that others can easily guess?
Are you remaining logged in on your computer so anyone can come along and access your blog through it?