I upvoted this because it's also my experience. It's so frequent that I've stopped telling people when I discover their Wordpress is hacked, because half the time they don't care (!), and the rest of the time they beg me to help them fix it for free - instead of paying one of the many WordPress consultants who specialize in fixing hacked WordPress sites.
The most common hack I've seen is one where the admin doesn't even know, because it redirects some visits to their site that have Google in the referrer. Because they rarely Google themselves while logged out of WordPress, they never know every page on their site is redirecting to MyCoolMalwareDroppr.
The most common hack I've seen is one where the admin doesn't even know, because it redirects some visits to their site that have Google in the referrer. Because they rarely Google themselves while logged out of WordPress, they never know every page on their site is redirecting to MyCoolMalwareDroppr.