All websites on the Internet are vulnerable to getting hacked. WordPress gets targeted more because it is the world’s most popular website builder. This leaves a huge attack surface for hackers which makes it all the more tempting to them.
Motive for hacking
There are many reasons why hackers would want to hack any website no matter how significant the website is.
- distribute malware
One of the top reasons for hacked WordPress websites is to distribute malware which in turn could provide monetary returns, or command and control to attack other sites - botnets
Hackers create botnets to use your computer resources to hack other website, creating a remote command and control infrastructure - hacktivisim/activisim
Sometimes websites get hacked and hijacked to spread political information sometimes misinformation. - random fun
Sometimes this is all done for fun or bragging. After all, it is done automatically, if some kid hacking in his bedroom learns to fire off some Python code that is freely available on the Internet what is to stop them?
It happens fast
Your site might get randomly added by an Internet bot/crawler and then a sequence of events leads to exploitation of any weakness in your website.
Getting added to a bot happens automatically and it is estimated a new website will be attacked within 30-45 days of being created with no content or audience.
Protect your website from day one, and keep it maintained. The best strategy is a proactive one.
Here is some news on the topic of WordPress websites getting hacked