Anyone providing professional services should have liability insurance.

Furthermore, unless a service provider has been acting negligently or has given some sort of guarantee like "With my services, your WordPress instance won't be hacked.", they usually can't be held responsible for actions and outcomes that are out of their control.

Specifically, I believe you are looking for E&O (errors and omissions) insurance. Make a mistake doing something, or mistakenly not do something, and it will cover your liability up to whatever coverage you buy.

As you say, willful negligence, malicious acts, false advertising and fraud are of course not covered.