In this post I will show you how a typical WordPress site that was poorly configured got hacked, leading unsuspecting visitors to a very bad surprise. When a website is poorly configured, someone can upload backdoors (program used to completely take control of a server) as well as alter core files. By injecting malicious code (iframe or other type of redirect), the bad guys will leverage a sites traffic and send anyone browsing to it to some exploit site (i.e. a BlackHole Exploit page)”]
Source: https://blog.malwarebytes.com/threat-analysis/2012/11/from-server-hack-to-client-side-ransomware/