Add together old versions of WordPress, add thousands of theme and plugin vulnerabilities, it’s enormous popularity as a CMS, and an end user who does no upkeep and you have a very vulnerable website.
The first issue is outdated versions of WordPress. Whenever a new WordPress version is released, users get a message, but most users have gotten good at ignoring the message, “it’s a hassle, and I’ll do it later.”
Vulnerabilities in plugins and themes is another issue. The WordPress repository has 54,000 plugins and is growing. The plugins are of varying quality; some of them inevitably have security loopholes, while others are outdated.
Then, there’s popularity. WordPress is popular, without a doubt. There are around 17,402,952 WordPress sites, accounting for 27% of the internet in January 2017. This popularity means that if a hacker can find a way into one WordPress website, they have potentially millions of websites for a playground. They don’t need to hack websites that use the current version of WordPress; they can scan for sites that use old insecure versions and hack those.
And finally, the most significantly, the biggest obstacle facing WordPress are the users themselves. For whatever reason, there is this perception among WordPress users that the hardest part of the job is paying someone to build the website and that once that is completed, no further action is required.

WP [well-being] steps in and solves these issues with WordPress, by updating not only the core but all plugins and themes as updates are released. We take it even further by adding security measures and a firewall to protect your site.