My friends wordpress site looks to have been hacked. He only new because his click thru rate dropped to zero overnight. When he clicks on his links they look fine and look like they are going to the right place. when I click on them (located 2 hours away) every link goes to a 404 page and the URLs look like "domain.com/part of domain name/_/135/12" (different number for every link). He's restored it a number of times and it works only briefly (day or hours). Malware - we are realizing that it seems unlikely he'd be getting rehacked every few hours.
Ha- after days we have figured it out.. BulletProof Security is a plugin that alters the htaccess file - seems to be the culprit