Your idea is not a money-maker, but thanks for playing.
From what I've seen, the primary reason Wordpress installs get exploited is to install advertisements or links across every page of the site. The links are intended to boost somerandompharmacy.ru's Google pagerank, to the benefit of its owner. The advertisements generate revenue if someone clicks them. Sometimes they'll add a drive-by browser exploit to own visitors directly, who knows what they do to monetize that; ransomware, bank trojans, etc.
If you don't see any financial motive for these compromises, you aren't thinking hard enough.