The vast majority of site exploits are against canned software (whether commercial or free). Hackers seek out WordPress etc. sites and attack known deficiencies in older versions. That's why it's so critical to keep such installations up to date. They will even throw exploits against a wide range of software, hoping that something will get through. If yours is totally homebrew, hackers won't know what to attack or exploit, so you're a bit safer. However, a hacker may be able to guess an exploit based on common programming errors. so you're never totally safe. You need to be aware of common exploits and hacks, and check your code that it isn't vulnerable.