20,000 WordPress sites have been compromised by botnet attacks. That’s a lot of sites and for professional cybercriminals it’s not hard to do. It’s not difficult to protect yourself either, but you need to take proactive action to do that – its just too easy not to do that.
How hard can it be to force people to change the default username and to stop them choosing an insecure password?
I’m fully aware that IT security can be a pain in the backside – but it’s not half as much of a pain as having your website compromised and trashed.