Don't know why it should be only Wordpress sites. But I've removed multiple malware attacks in 3 - 4 client websites in the last 3 years, and All of them used Wordpress. Most importantly, (I think this is the main reason) all of them runs in web servers that allow Automatic Updating of plugins without FTP.
Recently when one such attack is reported in a client website, it's a bit elusive. It had a tiny 1 pixel iframe appearing on top left of page. The source revealed a javascript code. But it doesn't appear on any other page, or even if we visit the same page again! We couldn't find them again on the day. The support people in web host also confirmed they couldn't find anything amiss.
It does showed up again, but very rarely. The javascript code was confirmed as malware, but we couldn't locate it in the usual places we found them in other attacks. Anti-malware checks report them but not always. People who said they got malware warnings again called up to say it doesn't show warnings later on. It was really freaky!
It took more than a week to figure out how it works. Finally detected the pattern of appearance.
That finding only left the possibility in .htaccess file. A good look in .htaccess revealed a necessary code. It also showed the location of actual culprit file. This particular site have an elaborate use of .htaccess, more than 100 lines of code in it, so it was not visible when we made a cursory glance on the first time.
Details on how to clean it up is available at Sucuri.net. http://blog.sucuri.net/2010/12/malware-update-publifacil-org-htaccess-changes-and-pe-php.html. The file invariably starts in PE. In our instance, it was PEcutup.php (it was not mentioned in the site, but be prepared to find new names if you come face similar situation!)