Opensource website is definitely vulnerable for hackers to hack into it. This is not only limited to WordPress, but other CMS like Joomla, Drupal etc. Hackers target sites that are outdated and plugins that have backdoors script in it. Once you have your site online, hackers will scan and hack it with whichever method they can. This will not only affect on your side, it will affect the rest of the sites that hosted under the same server as you. Below are the few tips to make sure your WordPress site is healthy and clean.

1. Don’t use unknown or nulled scripts for your WordPress template & plugins.
   Get your WordPress template & plugins from a valid source to make sure there aren’t backdoor scripts in the files that you going to plug in into your WordPress site.
2. Install Wordfence vs Sucuri
   Both of this plugins are like “anti virus” for your WordPress. It can detect and take action on several vulnerable attack on your site including burtal force. If you are not sure which to choose you can check out the comparison between them in here – https://stratusly.com/wordpress-security-sucuri-vs-wordfence-review/
3. Do regular virus scan on your hosting account
   If you are using cPanel as your web hosting control panel. Please use Claimav scan to scan your files and folder regularly.
   

If you still have issue with your WordPress site, feel free to contact us.