WordPress powers well over a quarter of all CMS-using websites, way more than any other platform on the internet. While it’s great to have such an immense community of users, this also makes the platform a bit of a high-yield target for attackers. Usually, WordPress websites are attacked by bots and scraped for purposes like data scraping, spamming, etc, mainly because one identified vulnerability can bring down thousands of websites at once.
But as with everything else, WordPress security is as good as you make it. The platform isn’t exactly unsafe to begin with, but that does not mean you shouldn’t go the extra mile and beef up your website security as much as possible.