Good question. WordPress consistently updates its basic code to protect against hackers, so why do you need more than that.
First, WordPress updates come about because someone has found a weakness in WordPress and used it to attack a website, or more likely a lot of websites. That’s great, unless yours is one of the sites the hackers got to first.
Second, WordPress only watches out for its program. It does not look at vulnerabilities in the plugins you have used to enhance the sites functionality. Hackers often use openings in the plugin code to enter and take control of a site.
Finally, WordPress sites are constantly under attack. In just the last month (30 days) we have blocked more than 1250 attacks on our site alone. Hackers from Russia, the Ukraine, China, the Netherlands and many more countries attempted to gain control of our site. While they used many different tools to try and break in, the most widespread was trying to login with common usernames such as “administrator,” “admin,” test, and in our case “citycent” (our domain name).
If we had not been actively protecting our website it would have been compromised and be currently making money for a hacker somewhere.
So, don’t for a second believe that just because you’re not a Fortune 500 company or a large E-Commerce site that hackers won’t bother you. Take precautions. Actively secure your site. We’d be happy to help.