WordPress is not inherently insecure and the developers work hard to ensure breaches are patched quickly. Unfortunately, WordPress’s success has made it a target:
- not all themes and plugins are developed with the same level of care
- if you can break just one WordPress installation, many millions of sites may be open to you.