Failure to keep software up-to-date almost guarantees that your site will eventually be compromised. Whilst the latest software is not immune to exploitation, there are publicly available databases of known vulnerabilities which hackers use to probe for weaknesses. Once an exploit is discovered and made publicly available, your site is vulnerable until a patch is issued and you use that patch to update your site.
Make sure that it is up-to-date with the most recent version offered by the vendor. "Pre-packaged software" effectively means any software package that you've placed in your domain directory such as a blog, gallery, forum, shopping cart, content management system, and so on. Out-of-date versions of such software frequently have well-known security holes that can be exploited via simple scripts that are bandied about freely amongst "hacker" and "script-kiddie" groups.
Don't overlook plugins when updating software. If you have any non-standard plugins activated for your applications, try a search engine query for the plugin name + "vulnerability" to see if anything crops up in the version you're using. If there are known vulnerabilities for the plugin in the version you're using, make sure to apply any available patches; otherwise, deactivate the plugin.