In Wordpress, as with any system, there are potential security issues that may arise if some basic security precautions aren't taken. Like many modern software packages, WordPress is updated regularly to address new security issues that may arise. Improving software security is always an ongoing concern, and to that end you should always keep up to date with the latest version of WordPress. Older versions of WordPress are not maintained with security updates. Since version 3.7, WordPress has featured automatic updates. Use this functionality to ease the process of keeping up to date. You can also use the WordPress Dashboard to keep informed about updates. Read the entry in the Dashboard to determine what steps you must take to update and remain secure.
Resources from Wordpress:
FAQ My site was hacked https://codex.wordpress.org/FAQ_My_site_was_hacked
Hardening WordPress http://codex.wordpress.org/Hardening_WordPress
FAQ Security http://codex.wordpress.org/Security_FAQ