WordPress powers more than 25% of active websites, according to a recent survey by Netcraft. This gives hackers and others a huge platform for carrying out their malicious intents. However, with proper security measures it will be very difficult for anyone to hack your website. There are some standard procedures and guidelines that need to be followed in order to have a secure WordPress website.
The WordPress organization makes every effort to patch any security hole found in a timely fashion. WordPress can easily be upgraded/updated through the back-end admin panel. You can also contact your web hosting provider or website developer to update your website.
Always use a strong password for your WordPress admin and normal users. It is a good idea to create a new user with admin privileges and remove/disable the admin user. This will make it difficult to guess the administrator username. Utilities such as LastPass and 1Password can be used to generate strong passwords and securely store them. If you are not a fan of digital password managers, then a good alternative is to come up with a "phrase" of your own and an "algorithm" to generate unique strong passwords.
USE ONLY TRUSTED PLUGINS
The rule of thumb is to install plugins only from trusted sources and always keep them updated. Treat each plugin as an extra entry point to your website: the more plugins you have, the more points you must secure and guard. If you don't need a plugin, deactivate it, or better, delete it from your system.
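
One way to check both plugin rules at once is to audit the plugin listing for inactive plugins still on disk and for plugins with pending updates. The script below is an added example, not part of the original article; it assumes WP-CLI is installed for live use, and the plugin names and versions in the sample are constructed.

```shell
#!/bin/sh
# Added example: audit plugin hygiene from WP-CLI's CSV plugin listing.
# Live use (assumes WP-CLI is installed and run from the WordPress root):
#   wp plugin list --fields=name,status,update,version --format=csv | audit_plugins

# Reads CSV (header: name,status,update,version) on stdin and prints one
# finding per line: DELETE for inactive plugins, UPDATE for outdated ones.
# A plugin that is both inactive and outdated produces both findings.
audit_plugins() {
    awk -F, '
        NR == 1 { next }    # skip the CSV header row
        $2 == "inactive"  { print "DELETE " $1 " (inactive, still on disk)" }
        $3 == "available" { print "UPDATE " $1 " (installed " $4 ")" }
    '
}

# Constructed sample listing; names and versions are made up for illustration.
sample_plugin_csv() {
    cat <<'EOF'
name,status,update,version
contact-form-example,active,available,4.1
old-gallery-example,inactive,none,1.0.2
seo-helper-example,active,none,3.7
legacy-slider-example,inactive,available,2.3
EOF
}

# Count findings of one kind (DELETE or UPDATE) in the constructed sample.
count_findings() {
    sample_plugin_csv | audit_plugins | grep -c "^$1 "
}

# Demo run against the constructed sample.
sample_plugin_csv | audit_plugins
```

Inactive plugins are flagged for deletion rather than left deactivated because their files remain on the server until they are removed.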