1. You Get Hacked
According to Wordfence, the most attacked things in WordPress are: vulnerabilities in PHP code (core, plugins, themes), login pages, older apps hosted on the same server, config files, and the web server itself.
Turns out, hackers don’t really spend that much time picking the sites they will hack (unless you’re a huge brand). Most of the time, attacks are vulnerability-based, not website-based. Meaning, an attacker doesn’t pick a target and then tries to find a way in, but rather picks a known vulnerability, and then tries to find all the websites that can be attacked with it. In that light, everyone’s a target, no matter how big or small. And not maintaining your site is the first step to becoming a victim.
2. You Loose Data
Data Loss is often even worse than getting your website hacked. If you don’t have a reliable (and working) backup in place, you’re risking not only the site, but perhaps your entire business. And it doesn’t take much. For instance, a server malfunction, a problem with the cache, a virus on your own computer – the one you use to access the admin user on your site, and probably a myriad of other reasons.
3. You Lose SEO
Did I say that data loss is the worst? Scratch that, if you rely on incoming traffic from Google then having your rankings dropped can be even worse than that. Google punishes infected sites severely.