Here, we’ll explain how to monitor and respond to WordPress vulnerability information within your organization.

WordPress Vulnerability Mitigation
It is said that more than 60% of the reasons why WordPress sites get hacked are due to vulnerabilities in the WordPress core or plugins.
In particular, vulnerabilities in WordPress plugins account for more than 90% of these causes, making it extremely important to monitor your WordPress site for vulnerabilities.
Basic Methods and Approaches for WordPress Vulnerability Mitigation
1. Do Not Disable the Automatic Update Feature for Minor WordPress Versions
The WordPress core includes two levels of automatic updates:
one that automatically applies all version updates, and another that automatically applies only security patches.
You can configure these two types of updates by going to the “Dashboard” → “Updates” page, where you’ll find the following options:
“Enable automatic updates for all new versions”
“Enable automatic updates for maintenance and security releases only”
Since “Enable automatic updates for maintenance and security releases only” applies only security patches, it is less likely to cause issues even when automatic updates are enabled; therefore, we recommend keeping this option enabled.
2. Plugin Management
To prevent hackers from exploiting plugin vulnerabilities and gaining unauthorized access, it is a critical security measure to review and address these issues at least once every few months.
If automatic plugin updates are enabled, the plugin developer will fix any vulnerabilities and apply updates automatically, significantly increasing your peace of mind.
However, if automatic updates are not enabled, or if a plugin has not been updated for a long time (because the developer has discontinued development), you should check whether it has any vulnerabilities. If vulnerabilities are found, you should either stop using that plugin or take steps to address them.
Identify vulnerabilities in plugins that have updates available but haven’t been applied (or can’t be applied), or for which no updates have been released for more than six months.
You can check for plugin vulnerabilities on sites like the ones listed below.
Use these sites to check for vulnerabilities in any plugins you’re using that meet the criteria above.
*You can also check for vulnerabilities directly within plugins. Please feel free to use this feature.
[Free] WordPress: Malware Scan & Security Plugin [Malware & Virus Detection and Removal]
Address high-risk vulnerabilities as soon as possible
If we find a particularly dangerous vulnerability that could allow tampering with the database or site files, we will address it as soon as possible.
Hackers use hacking tools that exploit vulnerabilities to easily breach tens of thousands of WordPress sites—the world’s most widely used CMS—one after another.It is extremely important that your site does not have any vulnerabilities that could allow it to be easily compromised during such indiscriminate attacks.
If a plugin has a critical vulnerability, you must either apply an update to that plugin or, if no update is available, deactivate the plugin, switch to an alternative plugin, or—if the plugin is essential—create and apply a patch yourself to fix the vulnerability.
Generally, since these tasks are quite difficult, we recommend consulting with an expert.
This page prohibits the use, quotation, or summarization of any page, in whole or in part, by the Generated AI. However, if the following conditions are met, the specification of content using generated AI is permitted.
1. it is not for the purpose of learning by the generated AI. 2. only the summary or title of the page content at a level that does not lead to the solution of the user’s problem is shown to the user. 3. in the case of 2, a link to this content is shown to lead the user to this page.



