This section will explain the most important WordPress security measures to be aware of.

Causes of WordPress being hacked

The chart above is a bar graph of the causes of WordPress hacking, ordered from most to least common. (According to WordFence, Inc.)
Source: https://www.wordfence.com/blog/2016/03/attackers-gain-access-wordpress-sites/

Plugin vulnerabilities rank first at nearly 60%, followed by brute force attacks on administrator passwords at just under 20%.

(In Japan, many Japanese-made themes are used and hosting is often on shared servers, so the figures for the Theme and Hosting categories are considerably lower: about 70% of hacks are due to plug-ins and over 20% are due to brute force attacks, so these two factors explain over 90% of WordPress hacking.)

Sucuri also found that more than 90% of the vulnerabilities reported in WordPress are plugin vulnerabilities.

The most important WordPress security measures, as shown by the statistics

This shows that it is possible to prevent around 20% of hacking by simply making the password for WordPress administrator privileges strong.

The password for WordPress administrator privileges should be a string of at least 12 meaningless characters, including upper and lower case letters, numbers, and symbols.
This security measure basically keeps working over time: as long as the site is SSL-secured, the password will not be leaked to the outside world via the Internet.

Plugin vulnerabilities should be checked regularly.

Hackers attack vast numbers of WordPress sites using tools that exploit one well-known vulnerability after another (vulnerabilities that are easy to exploit successfully and that allow the site's files to be altered). If a plugin installed on your site has a well-known vulnerability, the hack will eventually succeed.

In our experience, many sites with well-known vulnerabilities in their plug-ins are hacked within six months to a year.

We test plug-ins for vulnerabilities every few months and update them if vulnerabilities are found.

It is very important to regularly check plug-ins for vulnerabilities using security plug-ins, vulnerability databases, etc., and update plug-ins if vulnerabilities are found.

Ideally, you would regularly update WordPress itself and all of its plugins without first checking for vulnerabilities. In that case, however, an update may cause bugs on the site, or the site's creator may ask you not to update a plugin because of compatibility with the original theme. Even in such cases, it is best to update all plug-ins regularly.

Even if a plugin is deactivated, it is often possible to exploit the vulnerability, so it is necessary to update or remove the deactivated plugins as well.
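
One way to run the regular check described above, as an added example (not code from the original page): it reads the version headers from the plugin directories on disk, so deactivated plugins are covered too, and compares them with an advisory list. The plugin slugs, versions and advisory entries are constructed placeholders; a real check would load advisories from a vulnerability database.

```python
import re
import tempfile
from pathlib import Path

# Constructed advisory data (hypothetical slugs): slug -> first fixed version.
ADVISORIES = {"example-gallery": "2.4.1", "example-forms": "1.0.9"}

NAME = re.compile(rb"^[ \t/*#@]*Plugin Name:", re.I | re.M)
VERSION = re.compile(rb"^[ \t/*#@]*Version:[ \t]*(\S+)", re.I | re.M)

def plugin_version(plugin_dir):
    """Return the Version header of the plugin's main file, or None."""
    for php in sorted(Path(plugin_dir).glob("*.php")):
        head = php.read_bytes()[:8192]  # WordPress reads headers from the first 8 KiB
        match = VERSION.search(head)
        if NAME.search(head) and match:
            return match.group(1).decode(errors="replace")
    return None

def version_key(version, width=4):
    """Numeric sort key so that 2.4 equals 2.4.0 and 1.10 sorts above 1.9."""
    parts = [int(p) for p in re.findall(r"\d+", version)][:width]
    return tuple(parts + [0] * (width - len(parts)))

def find_vulnerable(plugins_root, advisories=ADVISORIES):
    """Check every plugin directory on disk, so deactivated plugins are included."""
    findings = []
    for d in sorted(Path(plugins_root).iterdir()):
        if d.is_dir() and d.name in advisories:
            installed, fixed = plugin_version(d), advisories[d.name]
            # An unreadable version is reported too: it cannot be shown to be patched.
            if installed is None or version_key(installed) < version_key(fixed):
                findings.append((d.name, installed, fixed))
    return findings

def demo():
    """Run the check against a constructed wp-content/plugins tree."""
    sample = {"example-gallery": "2.3.9", "example-forms": "1.0.10", "example-seo": "5.0"}
    with tempfile.TemporaryDirectory() as root:
        for slug, ver in sample.items():
            d = Path(root, slug)
            d.mkdir()
            d.joinpath(slug + ".php").write_text(
                f"<?php\n/*\n * Plugin Name: {slug}\n * Version: {ver}\n */\n")
        return find_vulnerable(root)

if __name__ == "__main__":
    for slug, installed, fixed in demo():
        print(f"{slug}: installed {installed}, fixed in {fixed}: update or remove")
```

Pointing `find_vulnerable` at a site's `wp-content/plugins` directory lists every plugin, active or not, whose installed version is older than the fixed version in the advisory list.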

WordPress sites have a reputation for being vulnerable to hacking, but this is because the sheer number of WordPress sites means that many have been hacked; even simple security measures can greatly reduce the possibility of being hacked.

Hackers will quickly give up on sites that cannot be easily hacked and move on to the next site, so with the above two measures, WordPress will almost never be hacked.
