There are a few ways that people will exploit WordPress-powered sites:
- No SSL Certificate
- Weak Password
- Plugins
- Host has poor security measures in place
I suggest that you use certain hosts. I currently use GoDaddy. If you get the higher-end hosting package, they are offering free SSL for a year. I have had 0 issues with them. When issues have arisen, they have worked hand in hand with me to resolve them quickly. I suggest using a password generator to create a hard-to-crack password.
Here are some links and I hope they help.
- LastPass
- GoDaddy (Currently 50% off / Free SSL with Ultimate Package)