You wake up at 4:23 AM on an SMS saying: "your blog is hacked!".
What would you do?
What if, you weren't able to access your server because hackers changed your passwords?
You manged to reset your passwords, accessed your server to apply corrections and things are running smoothly (w heik), what if your backup dates from the last month?
What if, you had no backups at all?
Would you cry? I would have definitely cried.
Back to the realm, when it comes to blogs and websites security, it's not always your programmer's mistake (though most of time it is), sometimes it's yours; and it's doubled when you are your own programmer.
Wordpress, Drupal and other platforms installations are secure but common mistakes come from the publisher's level, especially when you are a journalist on the fly publisher.
Considering security in general, it is a trade of Usability and Functionality. Too much ease-of-use and functionality kills security, where too much security kills them both.
You don't know your enemies, nor their skills, nor their resources; hacking techniques became so easy that unexperienced kids can hack you within 3 clicks - occasionally, hackers are hired to unethically hack other people, others hack just because they can. Are you afraid? 'guess you are or else you wouldn't have been reading this.
On the other hand, human hackers are not the ones who only attack you, Gauss White
is a typical cyberespionnage example that targeted the Lebanese banking sector back in August 2012.
Here are the commonly met security mistakes/misconfiguration