Last November, more than 1 million GoDaddy-managed WordPress customers were part of a breach that could have exposed their email addresses, private SSL keys, and admin passwords. The attacker was apparently able to operate undetected inside their networks for two whole months. This is just one data point in a long history of past exploits because WordPress has been a very rich and desirable target. There are numerous things you can do to protect your site, including using two tools that I have been using (Wordfence and MiniOrange, shown here).
You can read more about how to secure your WordPress site on Avast’s blog. If this is a new topic for you, you shouldn’t operate WordPress without making use of these steps — even if you gradually add in individual security measures one by one.