How secure is WordPress?

By default, WordPress is a highly-secure CMS. However, vulnerabilities often arise from external factors like outdated themes and plugins or poor security practices. The biggest security risk is the human factor—how we manage and secure our WordPress websites.