
WordPress the app is inherently unsecure in many ways. A full overview would be lengthy, but an obvious example is the general architectural reliance on self-modifying code, which requires write access to executable files on your server (this can be disabled with some difficulty, but this makes updates difficult and completely breaks many popular plugins. Doing so is not encouraged or really properly supported by WP devs). This isn't the only problem, but it's a large enough one, and most importantly, it's by design.

Auth code might look OKish (haven't looked closely recently), but any general vulnerability in any part of the app as a whole or in any 3rd-party plugins potentially opens you up to data breaches.
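An added example, not part of the comment above and not WordPress code: a minimal audit of the exposure the comment describes, listing which code files and directories under a web root a given account (for example the web server's) can modify. The function names, the suffix list, and the sample tree are all hypothetical and constructed for illustration.

```python
import os
import stat
import tempfile

CODE_SUFFIXES = (".php", ".phtml", ".phar")  # assumption: extensions the server executes


def writable_by(st, uid, gids):
    """Classic owner/group/other check on mode bits (ignores ACLs, read-only mounts)."""
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)


def audit_tree(root, uid, gids=frozenset()):
    """List directories and code files under root that the account can modify."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        rel = os.path.relpath(dirpath, root)
        if writable_by(os.stat(dirpath), uid, gids):
            findings.append(("dir", rel))  # new code files can be dropped here
        for name in files:
            full = os.path.join(dirpath, name)
            if name.lower().endswith(CODE_SUFFIXES) and writable_by(os.lstat(full), uid, gids):
                findings.append(("file", os.path.normpath(os.path.join(rel, name))))
    return sorted(findings)


def build_sample_tree():
    """Constructed sample layout; the file names and modes are illustrative only."""
    root = tempfile.mkdtemp()
    os.mkdir(os.path.join(root, "wp-content"))
    modes = {"index.php": 0o644, "wp-config.php": 0o444,
             "readme.txt": 0o644, os.path.join("wp-content", "plugin.php"): 0o444}
    for rel, mode in modes.items():
        path = os.path.join(root, rel)
        with open(path, "w") as fh:
            fh.write("<?php // placeholder\n")
        os.chmod(path, mode)
    os.chmod(os.path.join(root, "wp-content"), 0o555)
    os.chmod(root, 0o755)
    return root


if __name__ == "__main__":
    for kind, path in audit_tree(build_sample_tree(), os.getuid()):
        print(kind, path)
```

An empty result for the web server's uid and groups means that account cannot rewrite or add executable files under the tree, judged by mode bits alone.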


