By WordPress, I mean everything written for WP, not just the core software. Honestly, with a little configuration with security in mind, WP Core is rather solid (security-wise). However I have a client that wanted a specific "Feature" on their website, they found and installed a seemingly good plugin to add the desired functionality. Only 3 days later their website had been compromised. We started fresh, and installed everything again, double checking all the configurations. In just a day, it had been attacked and compromised again. How is this possible?