Web Designers are not security experts and can cause vulnerabilities unknowingly but also the client can cause the same vulnerabilities.
As a company, we build all our websites based on best practices however if a website is based on WordPress and not maintained on a regular basis the best practice at the time becomes obsolete resulting in vulnerabilities caused by outdated plugins, themes, and a weak WordPress core.
A weak and vulnerable website will eventually be attacked that could lead to your website displaying malicious content along with being used to spam, all resulting in a financial and reputational impact.
Recently we identified irregular activity on one of our client hosting accounts and after investigation it was being attacked through a vulnerability within older versions of wordpress. This allowed the attacker to launch their own scripts and replace content on the website.
After we identified the traffic and the vulnerability we restored the website to a previous date, updates the WordPress core and plugins to the latest version and run our inhouse built script to secure known directories used in regular attacks. Within 1 hour the client website was back online and running faster and secure.
The above information will contribute to ensuring your website is secure at the time of this blog post. To ensure your site stays secure we recommend you review the latest updates from WordPress Hardening.