Almost every successful hack of a WordPress site exploits one or more of the four main points of vulnerability:
Host security breach
Out-of-date WordPress Core
Unsafe plugins and themes
Brute force attack
If you don’t manage these areas well, then any additional security measures you take will be in vain. You most valuable security tool is good management of your WordPress site.