When you have a website, it will get attacked to get hacked.
Our servers are constantly getting attached, but almost never by a person. Rather people have written scripts (small pieces of code) that systematically troll the internet looking for specific things, and when they think they have found what they are looking for, then another piece of code is alerted and it does the attack.
This attack code is looking for WordPress websites.
Once it is alerted to a website existing on a server some where, then it goes about see if that website is up to date. It asks your website, my server a whole lot of questions and depending on the answers it may find that the site is not up to date and it is able to exploit a particular vulnerability.
This is why we never what the Government to force Apple, Google or Microsoft to put a back door in to any software. Any such backdoor will become a source for hackers to use and get entry.
This is why we have requirements around how you can use our server to host your website. It is to keep you safe and everyone else here.