Like it or not your Wordpress site is already broadcasing all the information a hacker needs to hack you.
Your Wordpress Versions, theme/plugin names and versions are free for all to see.
With That kind of information hacker don't even need to work hard to break into your site. They just download the exact exploit they need & in 2 seconds your site is under their control.
This is a bit like handing hackers the key to your website to hackers & a sign aoutside the door saying "hack me"...it's crazy!
Yet that's exactly what ALL wordpress websites do by design... the critical hacking information is totally exposed.
In April 2015 FBI Issued a warning to all Wordpress owners saying that ISIL are spreading their message via hacked WP sites. The use low sophisticated methods like scanning sites for vulnerabilities & deploying basic exploits to take control.
These tricks have been used for years by "script kiddies" (a derogatory name used by hackers to dismiss any skill). It's as easy as look through the site code - see what the site is running & then download a free script that breaks the site.
It's hardly surprising then that terrorists are taking advantage of this to distribute propaganda & recruit followers
What's worse is that webmasters don't normally find out until customer notifies them