WordPress is a trashheap of security vulnerabilities. Despite using the latest versions and not using any plugins, I still find my website getting wiped out every year or two. I have a number of websites on my server, most of which are written from scratch using notepad, and have never been compromised. So now I have the privilege of having to wipe out my wordpress installation and make something from scratch, to protect my other websites.
Nobody should use wordpress. Ever.