- cPanel administration with multiple accounts in a single host without protections
- OS Updates not being run
- WordPress updates not being run
- Random add-on's being used without an awareness of security issues
- No SELinux (disabled)
The absence of good sysadmin skills, well packaged content, and updates 'for the loss' ...