Content management systems are vulnerable to being hacked because they are connected to databases. It is important to keep the system and all plugins within the system up to date to close up any potential holes in your website.
The process we use is as follows:
Plugins are available to offer automated reminders about updating this.
Be sure to pick a password that is not easily guessed. Using the password 1234 or Password is a bad idea. The use of admin for a username can also be easily guessed.
There are options in content management systems to limit the login attempts allowed in a certain period of time. By having this in place it reduces the risk of someone guessing a username or password.