To all those who’ve uploaded a WordPress build
If you don’t keep every WordPress website you’ve ever worked on up to date then you’re leaving a website in the wild that will be hacked. No maybes, it will be.
Your only valid excuse is if your responsibility was properly relinquished when your position in the company was superseded, or your maintenance contract expired, and you were confident in your last discussion that either you needn’t clarify that the owner understands their responsibility, or you felt they understood what you were telling them.
So build a website, build two, build a thousand, but you are responsible for what you built. You may have moved on, so may have the website owner, but has the website?
If you’ve installed WordPress and you’re responsible, then you must keep your WP core up to date, your plugins up to date and your theme up to date. The attack surface of WordPress is as wide as you make it – appreciate that.
And install WordFence. Whether you’re pre hack or post, WordFence will help. If it’s before, it’ll limit the brute UI hacks and for before and after, it’s file scanning and core comparisons will create an effective tripwire.