My sites are getting hacked regularly even though my sites are currently up to date and only using the most to update popular plugins
I think there are some easy modifications that might reduce hacking.
1) the admin users always defaults to "admin". On the installation, we should have an option to choose our own username.
2) the table_prefix is defaulted to "wp_"; Maybe we can leave the default as "wp_" but on the installation, it should ask us if we want to change the table prefix.
I'm not a programmer or security expert, but maybe there are other minor modifications similar to #1 and #2, the WordPress team can implement. Something like to the secret keys
These should stop or at least make the bot take more time to hack the site.
Yes.. these can be changed manually via phpmyadmin but somewhat tedious and somewhat difficult for someone new to php/mysql/phpmyadmin.