[ Security for Web Developers ] :: 04: Risk Factors

Your site will be tested if:

  • It holds anything of value,
  • It attracts lots of attention (sorry) or
  • It’s controversial in any way.

The security of the software you’ve written (your own code) depends critically on your knowledge of things like “sanitizing” the data input by users. See https://code.tutsplus.com/tutorials/sanitize-and-validate-data-with-php-filters--net-2595.

The platform you’ve built on, whether high-level like WordPress or much lower-level like CodeIgniter, will have its own security issues and require monitoring and patching.

And the same interactivity that attracts users and builds your following dramatically increases your risk.

The risk isn’t just yours: your users take a risk by trusting you with any information, and even simply by coming to your site. Injected code, for instance, can both steal data and infect visitors’ computers.
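
To make “sanitizing” and “injected code” concrete, here is an added example (not code from this series or from the linked tutorial) of a comment-form handler that validates input with PHP’s filter functions and escapes it when it is written back into a page. The field names, the length limit and the sample submission are assumptions made up for the illustration.

```php
<?php
declare(strict_types=1);

/** Fetch a form field as a trimmed string; arrays and missing keys become ''. */
function field(array $in, string $key): string
{
    return is_string($in[$key] ?? null) ? trim($in[$key]) : '';
}

/** Validate one comment submission. Returns [cleanData, namesOfRejectedFields]. */
function validate_comment(array $in): array
{
    $errors = [];

    // FILTER_VALIDATE_EMAIL returns the address, or false if it is malformed.
    $email = filter_var(field($in, 'email'), FILTER_VALIDATE_EMAIL);
    if ($email === false) { $errors[] = 'email'; }

    // The post id must be a whole number of at least 1; '42abc' or '' gives false.
    $postId = filter_var(field($in, 'post_id'), FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]);
    if ($postId === false) { $errors[] = 'post_id'; }

    // Free text cannot be whitelisted, so only bound its size (2000 bytes, assumed).
    $body = field($in, 'body');
    if ($body === '' || strlen($body) > 2000) { $errors[] = 'body'; }

    return [['email' => $email, 'post_id' => $postId, 'body' => $body], $errors];
}

/** Escape a value for an HTML text or attribute context at output time. */
function e(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample submission: the body carries markup a visitor typed in.
$sample = ['email' => 'reader@example.com', 'post_id' => '42',
           'body' => '<script>alert(1)</script> Nice post!'];

[$clean, $errors] = validate_comment($sample);
if ($errors === []) {
    // The markup is rendered as visible text, not run in other visitors' browsers.
    echo '<p class="comment">' . e($clean['body']) . "</p>\n";
} else {
    echo 'Rejected fields: ' . e(implode(', ', $errors)) . "\n";
}
```

Validation decides whether to accept the data at all; the escaping step is what keeps an accepted comment from becoming injected code in the page served to other visitors.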

Next: http://schoolforhackers.com/security-web-developers-security-server-side/