You’re probably thinking that you are running a secure and safe WordPress website. The short story – you’re not!
We’re living with the status quo that our websites are secure enough to not bother with the dirty job of hardening them as best as we can.
But the reality is different.
While supporting my customers, I personally face every day with shared web hosting servers, outdated(sometimes, ancient) technologies; people are still using the “admin” username, they don’t have a security plugin installed, even if it takes less than 5 minutes.
It’s not your fault. We assume that WordPress is pretty safe to run a website on it. And it is, but threads are everywhere and it’s best to avoid them if possible. And it is possible.