Three most common reasons WordPress websites are hackable.The biggest and most common cause of a hack is having out of date plug in’s and theme files on your WordPress environment.  When a theme or a plug in gets updated the changes are automatically disclosed in the change log’s which are publicly available.  Although this is of great benefit to developers it also means hackers can easily pick up on where your weakness’s will be if you haven’t updated your theme or plug in files.

Another way in for a hacker is Free Plug in’s and themes.  Free plug ins and themes don’t have any in built security holes and this can lead to further attacks.
The solution for this is simple – Update your stuff!

If you’re unsure of how to update your plug in’s or your theme contact the developer who created the website/installed the plug in’s for you. Always ensure your developer allows you access for updating theme files after the website launches or ensure they are willing to do this for you as it can lead to major complications down the line.
Weak Log In Details

Most WordPress websites when developed at the beginning will come with the username of “Admin” This makes it extremely easy for hackers with advanced softwares to scan and exploit your weak log in details.

Ensure your password is strong and consists of different levels of characters, numbers and symbols.

Database Injections

WordPress uses a database which is made up of many different files and file types.  You can usually access this database through your Cpanel or phpMyAdmin log in.  This is the most serious kind of hack – If a hacker get’s in here they can potentially ruin your website or delete it.
The solution for this one again is simple, ensure everything is updated and that you have some sort of defence added to your website.  A premium paid security plug in, is the best way to go.