Over the last few years I have seen more accounts compromised due to outdated default themes like “Twenty Twelve”, “Twenty Thirteen”, “Twenty Fourteen”, etc. When a user installs a new copy of WordPress more often than not they proceed to install a new theme that they prefer over the default offerings. The big issue is the result of two missing steps that all webmasters should perform.
First and foremost is keeping everything up-to-date which can prevent the vast majority of account compromises we have seen over the years. We keep the servers themselves secure from intrusion and we even work to protect your usernames, passwords, email accounts, etc. but there is a limit to how much we can shelter you. If, for example, you have an outdated theme or plugin installed even if you aren’t using it – it can be used against you and your site.