According to Smashing Magazine, there are three main reasons WordPress sites are more vulnerable to hackers and malware: outdated versions of WordPress, plugins and themes, and popularity.
Outdated versions of WordPress. WordPress releases updates nearly every week. Most updates include the most recent security bug fixes. Many website owners fail to log into their sites regularly to update the WordPress core files. Even worse, those who do log in regularly ignore the message, leaving them exposed to a breach. – less – More from ZoomInfo »