WordPress security is taken very seriously, but as with any other system there are potential security issues that may arise if some basic security precautions aren’t taken. (Codex)
Web security is not an absolute, as many other things, it’s a continuous process and should be managed as such.
Security is about risk reduction, not risk elimination, this is very important to understand that because risk will never be zero!
WordPress security is about employing the appropriate security controls to reduce the risks and threats for your website.
Securing and hardening your local environment is also important, online behaviors and internal processes, as it is physically tuning and configuring your installation.
WordPress security is comprised of three domains:
- People,
- Process,
- Technology.
Each work in a synchronous harmony with each other, without the people, and their processes, the technology itself would be useless.