There are currently 64,564,532 Wordpress sites in the world. So if a hacker can find a vulnerability in Wordpress then there are plenty of sites to that could potentially be compromised.
Easy to setup
It's cheap and easy to get yourself a Wordpress site, and requires very little IT experience to get your blog up and running. On the downside lots of blogs are not patched up, and running old versions of Wordpress with known vulnerabilities, and not setup with best practices in mind, making them an easy and plentiful target, and therefore perfect bot candidates.
