Google Email leads to discovery of hack

One of our site received an email from google that it was not being included in the index for about 30 days. The site apparently had some spammy links that were hidden in it.

We didnt put it there so we were alarmed at how it was included.

It seems that the header.php was not secured and hackers were able to insert the spammy comments/links. This is a lesson we learned the hard way. So for wordpress themes, make sure that they are secured by mod 644 or better.

Updates:
My staff tells me that Taragana analyzed this wordpress hidden site problem.