WordPress is secure, as long as publishers take website security seriously and follow best practices. No software or website is completely secure. If you are connected to the Internet, you will always have vulnerabilities or ways to break in. However, wordpress infrastructure is one of the best infrastructures built and is designed to be safe from hackers and attackers.
WordPress is a very secure CMS, but like any other content management system, website or web application, it can be attacked by hackers. Wordpress provides a way to update all plugins automatically, which is convenient for publishers or companies that don't log in and make updates frequently. For that reason, it's important to note that WordPress security is much more than just a simple security plugin and secure passwords. The recent exploitation of WordPress plugins validates that WordPress is one of the main website CMS that is compromised.
Beyond what is happening on your WordPress site, your hosting environment and the technologies you use also make a difference. While the core of WordPress is secure, there is a lot that can be done to keep the website security strong and safe from hacks. It's known as WordPress reinforcement, and these measures make small incremental improvements to the security of your website. However, these statistics don't mean that your website is safe from a hack because you don't have sensitive information.
The threat is not in WordPress itself, but in the wide range of third-party plugins that WordPress users use. WordPress really does a great job of mitigating this by automatically generating strong passwords, but it's still up to users to keep those passwords secure and also use strong passwords for hosting and FTP. However, the ecosystem has such an impressive reach that it is impossible to keep hackers away from WordPress sites. There are a lot of backup solutions out there, but the one I've found immensely useful is called UpdraftPlus WordPress Backup Plugin.
Since no digital property is 100% secure, there are also ways to hack WordPress websites, but it doesn't make it less secure than other CMS services. Every site on the web is under constant attack, whether it's a phpBB forum or a WordPress site, every site is being investigated by hackers. Check all your WordPress plugins to make sure they haven't been abandoned and seem to be updated quite often. WordPress is one of the most popular CMS out there, and there are many tools and extensions offered by WordPress that can be a very good addition.