I have many wordpress sites, some large, some small, and only 1 was ever hacked and it was on a shared host 10+ years ago. Today I have sites that I haven't updated in 5+ years, no hacks no problems. Good wp depends on good server config and good wp setup.
I am not using shared hosting. It was hosted on a Digital Ocean box using the recommended security updates, settings, file permissions etc and with as few plugins as I could get away with. I also had the "pro" version of Wordfence installed with active monitoring. Yet it was hacked.. multiple times.
Wordpress is pretty secure but putting everything in a shared hosting with lax security like dreamhost or hostgator et al its asking for trouble.