We have also seen a sharp increase in Wordpress infections / exploits over the last 2 months, specifically the past 14 days.
I can tell you for starters, most Wordpress "hacks" start from a "freemium" plugin - e.g. Revoslider / Gravity Forms.
These types of freemium plugins are BAD for several reasons, but the major one appears to be that, even if an update is available, the plugin will report it is completely up to date. You only get the real "updates" once you've paid. This is obviously becoming a favourite vector to be exploited by hackers / script kids.
The other vector appears to be that a lot of the "free" Wordpress template websites offer deeply infected templates, preloaded with well-hidden functions to quickly gain write/email access to any Wordpress site. If forced to, I would suggest only using templates available through the actual Wordpress template market (internal template search function).
In my experience, looking after web hosting clients for a long++ time now, the Wordpress platform itself is increasingly becoming the #1 bit of open source CMS to be targeted. To be blunt, I've stopped using Wordpress completely as of the start of 2015 and would advise you all to do the same until they fix the issues. I wish everyone would stop jumping on the "Wordpress is easy and awesome" train and making the issue worse.
On a side-note, the topic of this thread is very true, but as always, make sure you're able to confirm your backups:
1. Happen regularly
2. Cover ALL important data
3. Are tested regularly to ensure there aren't corruption / restore issues.
4. Are retained for long enough to ensure nothing major gets lost.
Having backups for "hacks" is also only any good if you manage to patch the exploit that led to your site being hacked/defaced in the first place. Every week, we restore a website only to have it broken again within 48 hours because our advice wasn't taken on board. Shits me to tears.