A lot of people seem to assume that WordPress is secure right out of the box and that adding plugins to it makes it less secure.
Of course, the more plugins, the more vulnerable it becomes, however, sticking to well supported plugins helps you to avoid this issue. One of the most common ways attackers access your website is via an outdated WordPress installation.
Today is February 1, 2015. If you have gone even 4 – 6 weeks without updating your WordPress you are vulnerable of over 23 well known exploits.
If your site has never been hacked before, you’ve been LUCKY. Well over 30,000 sites a day are hacked. It is not if, but when. If your outdated WordPress install has not been hacked, it is either hacked and you just don’t know it, or, an attackers bot has yet to crawl your site. I have sites that are attacked over 50x a day. I have had my own sites broken into and I’ve had friend’s sites broken into.
In addition to the above there are a lot of things that can go wrong. Simply running an update can corrupt the database or updating a plugin can make others quit working properly.
Usually when a site is compromised it is either used to hide backlinks or send out spam. When spam is sent out it affects everyone on the entire server. Often, when a site is hacked, it is banned and taken offline until the owners can have it repaired. Entire companies now exist to repair WordPress sites and make them secure!
The best medicine is prevention which is why we now offer a completely managed WordPress hosting solution on a blazing fast server.