Overall, there are two main reasons why any site is hacked: money and hacktivism.
According to a 2016 report by Sucuri, 100% of sites that were sampled were hacked in order to exploit them for profit, but four percent of them are simultaneously used for hacktivism.
Any and every site is a target no matter how teeny-tiny or gargantuan. The reason is that WordPress itself is such a popular content management system (CMS) that it’s a natural target.
When your WordPress site is hacked, you may not notice it until suddenly you get an email from your hosting company telling that they had to terminate your account!!
Getting your WordPress site hacked is bad..
.. but getting your hosting account terminated? It is a DISASTER.