There are a number of ways in which your site could become the victim of a security breach. Unsupported and outdated plugins and themes are one way. Weak password rules and unfettered access to WordPress is another. Hackers could also get in through your hosting server. And on and on the possibilities go.
Needless to say, having a laser-eye focus on security is of the utmost importance when you’re a web developer, especially when you work on a platform like WordPress that already seems to have a huge target on its back.