Wordpress sites are currently being compromised by a virus and so far thousands of websites have been infected. The bad news is that a simple patch alone will not fix it.
The virus redirects wordpress website users to another site which eventually exposes them to the Neclear Exploit Kit - malware that then delivers randsomware.
The virus is designed so that even if you change your password, the malware will still have access.