WordPress is one of the most hacked websites on the internet. Does that mean it's bad? (The short answer is no.)
In 2018, 90% of all hacked CMS websites was using WordPress. When I tell people that WordPress websites are often hacked many first assume that WordPress is a bad platform to use, which I'm here to challenge.
If I were to compare web platforms to car brands then WordPress is similar to Honda, but much more popular. The Honda Civic and Honda Accord are some of the most stolen cars in America. If this statistic is true then does that mean Honda is bad at making cars? Unlikely, because Honda is widely regarded as one of the best car brands. The same logic applies to WordPress. So why are Honda cars some of the most stolen cars and why is WordPress one of the most hacked websites?
If you look more closely at the source I posted on most stolen cars, you'll notice that the top two cars are Honda cars from the late 90s. Older cars are susceptible to break ins as they become more familiar to thieves and the same goes for websites. Although it's more difficult to update the security of an older car it's much easier to update a website, yet many websites don't get updated due to negligence and lack of knowledge.
Much like leaving your doors unlocked or your keys in the ignition, using a weak or compromised password makes it incredibly easy to break into a website. All one has to do is simply attempt to break in and find success.
It's no secret that WordPress is often used and abused. Many developers add plugins and extra functionality without considering the costs. Each added plugin increases the chances of potential weaknesses and much like the foundation of structures, if one thing begins to fall then so does everything else.
Perhaps the biggest contributor to high amounts of WordPress websites being hacked is simply its widespread use. WordPress makes up 30% of ALL websites and also 60% of all CMS websites. Much like the Honda Civic and Honda Accord, there's a high amount of break ins due to those cars being everywhere. The same concept applies to WordPress.