Vulnerabilities are regularly discovered in most software. They are also regularly fixed. If you don't install updates then your software may have known vulnerabilities that hackers can exploit. Keep your WordPress, other CMS software, and all other PHP applications updated.
You can keep an eye on known security vulnerabilities by visiting your application developer's site.
Having a blank index.html file in your site's directories will keep casual visitors from viewing your files.
Every piece of software is a potential attack vector, especially if it is unused and unmaintained. Remove the applications that you no longer use from the server.
Only install extensions from trusted sources. Hackers love it when site owners do their work for them and install unverified and malicious plugins into their software.
If Google or another party lets you know that they think your site has been hacked and is sending out spam or serving malware to your visitors, the first thing you should do is change all the passwords, then contact our Abuse Division for help.
Unfortunately, the most likely remedy is to restore your site from a previous backup to ensure that all infected files are removed.
If you follow these simple guidelines, your likelihood of being hacked is fairly slim. Hackers tend to be lazy, and they prefer to go after easy targets.
Make sure your site isn't an easy target!