WordPress is a great platform on which to build a web site, and it’s estimated that it now powers around 25% of all web sites - and that makes it a target for hackers.
With a standard platform for the hackers to target they can try and infect tens of thousands of sites, and there is an excellent chance they will break into a significant percentage of them. For them it’s just a numbers game. It’s nothing personal against you.
Most of us have seen websites that have been defaced. The reality is that these are NOT the norm, because most people putting malware on your site DON’T want you to know it is there. Unlike the script kiddies who deface your site to show off to their friends, the REAL bad guys want to get as much use out of your site as they can, and are hoping to stay on it for as long as possible.