WordPress is a great cms to manage your site, 24% of total websites (in world) are managed through wordpress, but you have to take care of many security parameters in order to make your wordpress blog / website 100% secure from hackers you should check following security holes in your wordpress site.
How do hackers gain access to your wordpress website ?
WordPress Nulled Plugin & Themes :
do not ever use wordpress themes or plugins from unofficial sources.
Unreliable Website Hosting :
always use reliable web host, most of wordpress sites get hacked due to vulnerabilities in their hosting platform.
Weak Passwords :
always use strong password for wordpress site, do not use common passwords which are easy to guess otherwise hackers can use brute force method to gain access to your website.
Default WordPress Login URL (wp-admin) & Username Admin :
change default wordpress login url, and also change default username (admin) to make your site more secure otherwise brute force will be used.
Old WordPress Version’s :
always use up to date wordpress version, hackers can use vulnerabilities in your out dated wordpress version to get access to wordpress blog / website.
Weak File Permissions :
give as many permissions as needed no more or less.
Exploiting (wp-config.php and .htaccess) Critical Files :
there are two very important files among your wordpress core files, (wp-config.php and .htaccess) if one of these files get compromised hacker has already won! so keep these two files secure as much as you can.
Default Table Prefix :
database security is also important, if you are using wordpress default table prefix hackers can use sql injection.