From Wordfence, a remarkable statistical analysis of how hackers gain control of WordPress sites.

As you can see, password theft is a distant 8th place. Exploiting plug-ins provides the most-often-used pathway into a Web site for hackers. According to Wordfence’s blog, there are three ways you can protect yourself:

• Keep your plug-ins updated
• Don’t use abandoned plug-ins
• Only use a plug-in downloaded from a reputable source.

For more information, and to learn more about the #2 threat, brute-force attacks, read the entire post.