This is really fascinating. Loaded with techie stuff for you and no smoking gun but my feeling is that we will not get ALL the information that's classified on this topic.
Regarding WordPress, hacking, etc. this article is pretty in-depth. The comments are fun too.
US Govt Data Shows Russia Used Outdated Ukrainian PHP Malware
The IP addresses that DHS provided may have been used for an attack by a state actor like Russia. But they don’t appear to provide any association with Russia. They are probably used by a wide range of other malicious actors, especially the 15% of IP addresses that are Tor exit nodes.
The malware sample is old, widely used and appears to be Ukrainian. It has no apparent relationship with Russian intelligence and it would be an indicator of compromise for any website.