WordPress

I see it all the time, basic security principles totally ignored by otherwise responsible people.  Maybe it's ignorance, maybe it's laziness, but in every case, it's totally unacceptable.  If you own a Website, and for every Website you visit, you must use strong passwords and keep them private.  By far, the biggest security threat you face is poor password security.  Here is a list of the most commonly used passwords in 2013, it's astounding to me that people would actually use such ridiculous passwords.

WordPress is sophisticated software, and as mentioned earlier, every software has bugs which can be exploited.  But as long as WordPress enjoys widespread support, these bugs are discovered and patched.  However, this only benefits you if you have the latest version installed in a timely manner.  Most times we see problems with WordPress sites, they are badly out of date.  So it's important to make sure your Website is regularly updated and this means more than just WordPress core, you most likely have plugins that add various features to your site, and they must be updated as well.

Often overlooked, but when a Website is compromised and all else fails, restoring from a backup is your best ( only ) option.  It's just good practice, bad things happen, even if you are not hacked, your Website could break for a million different reasons.  I've seen updates break sites, installing plugins, hosting companies accidently deleting accounts, it goes on and on.  You always need a backup as your last resort.