The short answer follows the saying that something is only as strong as the weakest link. Doesn’t mean that you shouldn’t use WordPress, just that you should use it carefully, correctly, and smartly, even if you think that is not a word. Read on for the long answer.
Let’s start with the biggest security risk to a WordPress blog or website – plugins! The more plugins you have, the more chances your site is going to get hacked. The quality of the plugins matter too, of course. That is why WordPress websites are more vulnerable to hacking than most blogs – they have a lot of plugins to make it do what you would get with custom coding or UltimateWB, for example. Choose your plugins carefully, read reviews, try only using really popular plugins, so that at least if there is a “backdoor” or malware or spyware in a plugin you will hear about it soon, and can upgrade or remove it.
Another security risk for WordPress blogs and websites is that WordPress is open source – anyone can download the coding for free and study it to find security holes that can be taken advantage of. WordPress is continuosly upgraded with new security releases, so you will want to upgrade your WordPress blog or website when the security updates are available.
Server issues aren’t the only reason to keep backups of your website/blog. You will want a clean backup if your site gets hacked, just in case just reuploading a fresh version of WordPress doesn’t clean up your site and it has gone into your database. Plus, it’s easier to revert to a site backup if you haven’t make any additions/changes, and then you can just work on patching the security risks.