And more often than not it is poorly coded plug ins that are the infection vector, not Wordpress itself.
Not a member of The Register? Create a new account here.
Remember me on this computer? Post anonymously?