One of the downsides to developing with WordPress is that it is subject to the brunt of an army of hack attempts. This is mainly due to it being the world’s most popular CMS and therefore the biggest target.
The best way to protect your site is to keep your core WordPress files and any plugins that you may use up to date. New exploits are always being found in WordPress and it’s vast array of plugins, and these are usually patched very quickly (any decent plugin will be anyway), so it is important that you update your website with these new versions to protect your site from these exploits that hackers can use to get access to your website, put malicious Javascript in your pages or any other sort of nasty things.
I always install security plugins as a matter of course on any website that I develop, it doesn’t take long to do and will harden the site against many types of attacks and so it well worth doing. My plugins of choice are iThemes Security and Wordfence, both are very good and updated regularly to keep up with the bad guys.
If your site has been hacked and you want someone to clean it up and protect it from any future attacks, or if you want to harden up your website before it gets targeted, then just drop me an email at hello@matthewpont.com.