I'm trying to find out how the hack penetrated the sites - PHP, WordPress core, a plugin, a theme, etc. Until I know the attack vector, I cannot take useful steps to protect these sites.
Google searching has not pulled up anything useful, and I'm surprised I couldn't find anything here either since it seems to be a fairly wide-ranging hack.
SO, anybody have information to share? Thank you.