One of the main reason a WordPress website or blog gets hacked is running outdated software. Keeping your WordPress website up to date should be at the top of your list of security checklist.
WordPress core, themes or plugins you have installed on your website, should always be running the latest version. Outdated theme or plugin can make your website vulnerable and result in script injection. You should also keep checking the credibility of the theme and plugin.
Version updates are not just for new features or bug fixes; they can also include security patches for known exploits. Bots will scour the internet looking for WordPress sites running outdated software with known WordPress vulnerabilities. When you leave software out of date, you are giving a would be hacker the blueprint to bypass all other security measures you have added to the site.