rocknbil - 10:31 pm on Jan 25, 2010 (gmt 0)

Enter into Google: hacked wordpress site:webmasterworld.com

I get 489, today.

Temper the above info with the information on this site about securing a WordPress installation, most of the hacked installations are due to not keeping the installation updated and following best security practices . . .

I'd played a little with WP for the very reason you mention - customers who only want to keep two or three pages updated - the overhead is just too much for this. In the time it took me to upload, install, and configure a test installation, I could have coded up a mini CMS involving two or three files . . . which is what I wound up doing. Ten pages or less, I code it, larger sites, I might consider "calling in the big boys . . . "

It's not databases that are insecure, really. It's how they are accessed. One could just as easily hack a flat file DB or a set of text files if the programming is loose enough.