One of the simplest ways to keep your WordPress site secure is to stay on top of regular updates. Developers are constantly releasing bugfixes to help close security hole, and as good users of open-source software it’s our duty to stay up-to-date.
For many WordPress sites, it’s immediately obvious when updates are available: you log into WordPress, and it says “hey, there are updates! Click here to install them!”. Unfortunately, that ability compromises site security for ease-of-use; WordPress should not be able to edit its own files on the web server.