[deanhills]

 Also i think it is not very fruitful to point at guys at wordpress.

True. Hopefully you didn't get to that conclusion from my Post. Having WordPress site however puts greater responsibility on the person to tread very carefully. Like it isn't a luxury any longer to have your theme and plugins up to date. You can't take chances any longer, as there are focused and active attacks on them alive and doing very well on the Internet - they work in bots, are fast and furious and more unstoppable than every before. That is what the warning is about. Don't use an old theme. Check your theme regularly. Don't have an old plugin that you are no longer using in your WordPress site. Check your plugins regularly, only keep the ones you are using, make sure they are up to date from the author by checking out the comments and WordPress feedback about how long since the plugin has been maintained, and make sure the plugin is always up to date.

Thing is, those attacks are not bad, like with catching a cold, and getting a wrap on the knuckles, but SUPER BAD, as all of those fancy anti-spam places that like to blacklist spammers, then get to target the site of someone innocent who got caught by the bad guys. They get their hosting account suspended and IPs black listed. Like everything is interrelated. Once a Datacenter has received a complaint about your WordPress site causing other sites to be attacked, you're already listed on blacklists and anti-spam lists everywhere. And as soon as you start to try and sort this out, those bad guys have already left, and are already working on another poor victim with the same issue, doing their bad act.