An increasingly vast number of WordPress sites are being hacked to deliver ransomware and other horrible software to unsuspecting users. It is not yet clear how this is happening but it is being looked into considerably. Anyone who visits WordPress sites using out-of-date versions of Adobe Flash Player, Adobe Reader, Microsoft Silverlight, or Internet Explorer can find their computers infected with the ransomware package, which puts a hold on your computer system until you pay a hefty ransom.
This malware is set up to infect only first-time visitors to avoid detection by researchers visiting the site. To disguise the attack moreover, the code redirects users through a series of sites before delivering the malware. It is a possibility that hackers are consistently refreshing when old ones get flagged.
Once a system gets infected, the malware installs a variety of backdoors on the web server; this causes many hacked sites to repeatedly get infected. To prevent reinfection, you need to isolate every site or update and protect all of them at the same time.
This goes to show that malware can exist on sites that people trust. The best way to prevent hacks is to be up-to-date on security updates when they become available.