Another popular attack vector for WordPress sites is weak passwords. Attackers often use brute-force attacks that attempt to guess passwords, an effort that is only made easier by simple, dictionary word passwords.
You ultimately have the final authority on what passwords you choose. I strongly recommend, always choose a strongest password.