WordPress is known to have a few vulnerabilities but they are quickly patched up with an update when discovered. However, there are ways by which a user can improve WordPress security.
Make sure you keep the WordPress site and plugins updated regularly to enhance the security of the system. The admin area of WordPress must be adequately protected. WordPress security can also be significantly enhanced by using the two-factor authentication for your WordPress website.
Your choice of WordPress hosting service can also affect the security of your website. Choose a provider that supports the latest PHP and MySQL versions. Finally, choose truly unique and strong passwords.