Most of the time when a blog is hacked, the first thing that comes to my mind is that the blogger might have been using a WordPress theme that contained malicious codes.
If the script was gotten from the original/premium vendor, then we can start pointing accusing fingers to the host. The point is this; most beginners who choose WordPress as their preferred CMS platform have little or no knowledge about authenticity of a theme and what risk his blog is subjected to if he has no knowledge about what kind of codes has been encrypted or hidden in his theme.
Anything that is free, one has to be really careful about it. Do not get me wrong, they are some great free theme that can really kick-start your blogging life, and the vendors will always tell you to keep some links otherwise your theme would be broken. While other will lure you into getting a premium-like theme (a nulled theme) for free without telling you the risks involved. Be very wary of such free lunch.
Incase you have already installed a theme and you are not sure about it, you can put an end to your panic by downloading the awesome Wordress plugin; Theme Authencity Checker – TAC. It will scan all your installed themes and notify you of any theme that is infected and most importantly, Theme Authencity Checker – TAC shows you which file the malicious code located. Isn’t this really cool?