I have some niche sites generating decent small income. I use limit login attempts, although some of them are running wordpress 3.5. I dont update because I dont want to risk all my theme changes altering because I never made a child theme. Just wondering if this is a sure-fire way to get hacked? And also if there are any other necassary plugins needed to avoid ever getting hacked?