As part of my job, I help customers on a daily basis to overcome hacks, defacement and malware infections on their WordPress. Most of them are just business owners or WordPress developers who don’t mind much about security.
A website is like a car, if you don’t do regular maintenance then you can’t expect it to last forever. The software: WordPress, themes and plugins, have bugs that are discovered thru time and that is why WordPress is updated pretty often and same for themes and plugins.
Since WordPress makes up for the 25% of all the website in the world wide web, it has become an usual attraction for hackers and script kiddies looking for an ego boost, or simply to use your site as a proxy to attack someone else.
I regularly have a tough time trying to explain this, but I was lucky enough to find this amazing talk by Tony Perez, the CEO of Sucuri (@perezbox on twitter). Sucuri is one of the leading Malware cleaning companies that are helping website owners and developers to protect their sites & help them recover from malware infections.
Below is his talk from a WordCamp from 2015: