Since scare tactics seem to be what drives some people to take secure your wordpress site a little more seriously, or at least start considering the problem, let me shoot a scare tactics your way.
After spending a couple of days and hitting several spots around town, I eventually find a cafe which provides free, unsecured Wi-Fi and to my pleasure, there are tons of folks sitting around daily connecting their laptops to the"free" Internet service. I sit down and use my handy dandy Wi-Fi cracker tool and log into people's computers. Remember, they are all on a network.
Should you ever want to migrate your site elsewhere, like a new web host, Learn More you'd be able to pull this off without a hitch, and also without having to disturb your old site until the new one was set up and ready to roll.
Whitelists pathological-looking phrases and black based on which field they appear within, in a page request. (unknown/numeric parameters vs. known post bodies, comment bodies, etc.).
These are only a few. Thing is they don't need much time to perform. These are also easy options, which can be carried out easily.