Yes but like any platform, it needs to be correctly managed.
Content Management Systems are vulnerable by nature as they are built on open source frameworks. WordPress is a target because it is by far the most popular and by its open-source nature. However it would be wrong to dismiss WordPress because of this and here is why:
- WordPress is extremely good at responding to security vulnerabilities. Its auto-update mechanism allows WordPress websites to automatically update when there is a new security patch.
- There are built-in mechanisms that display updates to the site administrator for WordPress themes and plugins and some email the administrator notifications or auto update.
- There are sophisticated security plug-ins that block, detect and remove potential threats.
- There are sophisticated plug-ins that detect, clean and restore with the minimum of downtime should the worst happen