Unmanaged WordPress not usually worth the risk or trouble
The main lesson I take from the WordPress RevSlider attacks is that, for self-hosters, vigilance is absolutely necessary, but perhaps not enough, to keep your WordPress site secure from attack.