So I got a user tell me that their AVG blocked my website (and all my websites in my Bluehost account) due to a BlackHole Exploit Kit.
I downloaded AntiVirus plugin and that plugin detected files in my theme that got hacked. Sure enough index.php and other files got hacked.
I basically deleted those files and re-uploaded them.
Then I re-installed my version of Wordpress for each website. Pain in the ass!
Does anyone know how to avoid this in the future? I learned how to fix it but not how to avoid it.