tedster - 1:00 pm on Apr 5, 2013 (gmt 0)
Good points, joyj. No one should underestimate the hacking threat to common CMS systems just because it hasn't happened to them yet. Hackers no longer just deface sites - they have a profit motive and they are quite savvy. In fact, analyzing what a hacker did and why can be quite educational about Google rankings. It's no wonder Google sometimes doesn't clean up spam right away and would rather study what the spammers are doing when it works.
Hackers will sometimes cloak their parasite content so that only a googlebot user agent will see it. Seeing these hacks is one of the main reasons that Google created the "Fetch as googlebot" tool.
Last year a friend approached me with a solid business site that had been hacked and lost almost all Google traffic. It was a challenging thing to fix - we had to move to a new physical server box and rebuild the site from a relatively old backup. (I'm happy that there WAS a backup!)