Every month, we see a large number of plugins and themes by exploited. We also see websites as a whole attacked. This can be scary for anyone with a website. It’s scary for me, not just for my own sites, but also for the almost 150 sites I manage for others.
I take these issues very seriously and am monitoring sites closely. As a part of our maintenance package, we are checking sites almost daily. Critical updates (like the ones mentioned above) are done right away. I get emails from every site when someone tries unsuccessfully to login (to watch for hacking attempts) and when someone logs in successfully (to make sure it’s really you logging in).
Monitoring your site can be overwhelming and is often one of the last things someone remembers to do on their own but a website should never be left without updates, malware scans and backups being done regularly. Consider having someone do them for you on a regular basis to keep your site secure and stable. Make sure you are using someone who knows what they are doing.
Here is a list of WordPress vulnerabilities for December 2016.