Oh good lord. Having a Wordpress site is setting up a gigantic HACKMEEEEEEEEEE sign. Any competent IT person should know that. It's a gigantic complex PHP thing, so it's going to be insecure, and it has tons of plugins which are even more insecure (most hacks are via plugins and themes).
Bollocks. A WP site is just like any other IT project: install only what you need and not more (plugins as well as themes), and pay attention to the rather good security advice out there. It starts with a good ISP so you don't have a platform weakness (it's still an OS plus webserver stack before you get to WP), then install All In One Wordpress Security and Firewall which gives you a guided tour past all the things you can do to lock it down (and, IMHO very important, explains why), and if you install a plugin that uses Google Authenticator timed passwords you only need to make sure you keep up to date with patching.
And even that can be automated.
It's really not that hard. The hardest work is blacklisting the networks that seem to specialise in supporting script kiddies. I seem to get a lot from OVH these days. On some websites I've installed IQ Block Country and banned the usual suspects (China, Anonymous Proxy, Russia, Ukraine) as that turned out easier than blocking one IP range after another.
As for looking up IP addresses, I have found WhatIsMyIPaddress.com very helpful. I don't run my webserver myself or I would have added fail2ban to the defences, but I use an ISP that runs most of its platform on BSD which seems to be enough to confuse most script kiddies already :). As I refuse to serve advertising (despite many, many "get rich quick" prompts from various parties) I'm also not worried about becoming a malware server to others.
And for the rest I run Joomla :).