With WordPress approaching 25% of running all websites on the Internet, it has become a target for any of its vulnerabilities.
Being such a popular CMS has its good and bad qualities. This being the bad.
However, the flip-side, is that WordPress is always feeding updates to keep sites safe and secure—before the Internet bad guys can “drop-in” on your install.
Take a look at these numbers:
Is your WordPress site updated?
It’s important to keep up with it!
[Image via Premium IT Solutions]
Steven Gliebe says
What’s really great is that since version 3.7, WordPress updates itself automatically with zero user intervention. That means critical security updates are applied in the background when they become available, just like with Windows or OS X.
http://codex.wordpress.org/Configuring_Automatic_Background_Updates
Equally important is using a strong password and keeping plugins / themes up to date. I wrote some tips on how to choose a strong password, how to stop bots from trying to guess your password and an how you can get an email whenever one of your plugins or themes is ready to be updated.
http://churchthemes.com/guides/user/wordpress/security/
This isn’t entirely WordPress-specific advice. It applies to all online accounts and really software in general (which is what WordPress and other CMS’s are). WordPress just gets more attention because of it’s incredibly wide adoption, like you said!