One of our clients had his website hacked. The site was automatically sending out over 30,000 emails a day. The CEO received a call and a visit from the Jacksonville FBI! And we were tasked with making it stop.
This is only a one example of what has happened. Another client had his website hacked and it could no longer be seen by some visitors on Google, Yahoo or Bing. Oh, he could see it, but many potential clients could no longer see it. They were served up a completely blank page. Another client's rankings severely dropped. He wasn't getting calls or emails from the website anymore. Another client had pages of his site completely rewritten promoting a gang in another country. WordPress is a popular content management system (CMS) and recently has fallen prey to hackers. It is not the only CMS that can be hacked, the others are also vulnerable. Content Management Systems need regular software updates. And the plug-ins also require updates. Some of the plug-in updates have a fee. Sometimes the sites only take 15 minutes to update, and sometimes they can take a couple of hours. The problem is that some updates can wreck parts of your website, especially if your site has some custom coding. So, each link and functionality needs to be checked throughout the site. Here is a link on the WordPress website to review some procedures: http://codex.wordpress.org/FAQ_My_site_was_hacked. PC World says over 50,000 websites had been hacked (as of July 2014) through a particular WordPress Plug-in vulnerability: http://www.pcworld.com/article/2458080/thousands-of-sites-compromised-through-wordpress-plugin-vulnerability.html.
Here is a link about the Russian Malware associated with WordPress, it says it has affected over 100,000 sites: http://gizmodo.com/mysterious-russian-malware-is-infecting-over-100-000-wo-1671419522
Make sure you make a regular back up of your website (or have your web developer or hosting company do this for you). You may have to take down the hacked site and put up an older version. You sure don't want to go back to a version that is 5 years old!
Website security is not to be taken lightly. It can suck all of the Google Juice out of your website. Your IP address can be black listed, as well as your email.