And yes, WordPress sites get hacked all the time. Keeping your themes and plugins up to date helps, but make sure you download plugins from authority sites and ensure they stay up to date with the current version of WordPress.
I agree Wordpress can be hacked. Anything can be hacked. Though most people who own wordpress have NO clue how many times each day people (bots) try to break in. Until you have a good security plugin, then you see what the bad guys are trying to do.
I put in another vote for Wordfence, great plugin.
Tried several image compression plugins, but best I found was Kraken. Works great.
Also like Intense Wordpress plugin. Ton's of shortcodes to dress up my content very nicely.
Disqus for comments.
As Ulterios said, Google analytics dashboard is nice.
MCE table button, gotta have tables.
Premium SEO pack - for obvious reasons.
Q2W3 Fixed Widget - Fixes widgets you want to stay in the sidebar as people scroll.
Simple Page Sidebars - Make custom sidebars and any post or page.
Uber Menu for better menu's, bigger, ect.
Wp Author Box - Much better author box.
WP Ad Pro to rotate ads and banners, track ad stats.
Just started using Zendesk for support. Think I like it. Can't say 100% yet. But there are not many good support plugins out there.