A large number of WordPress websites were compromised in last two weeks with a new malware campaign spotted in the wild. Malware campaign was operational for more than 14 days ago, but it has experienced a massive increase in the spread of infection in the last two days, resulted in affecting more than 5000 WordPress websites. This new campaign seems to be utilizing the Nuclear Exploit Kit and uses a combination of hacked WordPress sites, hidden iframes and number of known and unknown Browser exploits. The solution is to restore files from a clean backup.
Source: https://thehackernews.com/2015/09/hack-wordpress.html