by pjbrunet
4071 days ago
I agree. I've been generally following WordPress news since 2004 (the beginning of its popularity), and there's been no serious security problem in many years, as long as you had open user registrations turned off. Why you would allow a complete stranger access to your admin panels in the first place is another debate, but basically: don't allow user registrations on your blog and you're safe.

If you look back in history, the so-called "WordPress hacks" in the news had nothing to do with a flaw in WordPress. What actually happened was, like in the case of the Media Temple hack, the hacker got access to the MySQL database and obviously all the blog data stored in MySQL was vulnerable. There was never any indication that WordPress was the attack vector when all those big hosts were affected. So what can you learn from that? Don't use shared hosting. Shared hosting was never that reliable in the first place. From my perspective, the shift to VPS was a big leap forward in terms of uptime for most websites/blogs.

Another big problem was the "timthumb" plugin. But from 2004 onward, that was really the only plugin that caused widespread problems for WordPress blogs, as far as I can remember. Yes, some plugins are dangerous and maybe you want a service like sucuri.net if you're really concerned about bad plugins. But bad plugins are rare, IMO. Also weak passwords, again not a WordPress-specific problem. People using FTP carelessly, I bet that's the issue most of the time.

I'm not saying security is easy, I'm just saying WordPress is generally not the culprit. If there was ever any major hack that made the mainstream news that I missed, please post the link.