I got hacked again today. The last time was months ago and I took steps to improve my security and have a strong password, etc.
Today I seem to have been affected by a combination of two things - the bad behaviour spam plugin and google ads being also apparently compromised their server side.
Something happened with Bad Behaviour plugin and it would not allow me to do any admin work. I could not even perform a backup as every action resulted in an error to say my IP address was blacklisted, when it wasn't.
Secondly, I hear that google ads was compromised, I do not use google ads, however I think that Bad Behaviour plugin uses it to some extent to blog spam.
Whatever the workings of what happened, I ended up with Tramadol and gambling links on my website theme. It appears my page.php was hacked with loads of links.
Everything is sorted now, I have disabled Bad Behaviour plugin despite it being originally very good. I have also deleted that theme that was hacked and changed my admin password and hosting password.
But obviously this is a worry and even though i have suspicions of the cause of the problem, I cannot be sure both events were linked. Could it be a wordpress exploit? I am running the newest version.