This section breaks down the causes of WordPress hacks by percentage.


Image credit: Wordfence

Nearly 60% of WordPress hacks are caused by plugins

As you can see, nearly 60% of WordPress hacks are caused by plug-ins.

In other words, plugin vulnerabilities are the most important thing to watch out for when operating WordPress.


Plugin vulnerabilities are the most commonly attacked because tools circulating in the hacker world can attack multiple plugin vulnerabilities at once, making it easy for even the least skilled hacker to take advantage of them. For WordPress security it is important to keep plugins up to date, to remove unwanted plugins, and to test plugins for vulnerabilities.

The second most common cause: brute force

Brute force is the second most common cause. The attacker runs a dictionary of commonly used passwords against the WordPress login screen, repeating the login operation tens of thousands of times to determine the administrator’s password.

It is important to protect the login screen with plugins (changing the URL, CAPTCHA, two-step login), but even more important is to use a strong password.

A strong password meets the following conditions:

It is a meaningless string of characters.
It is at least 12 characters long.
It contains at least one alphanumeric character, one uppercase letter, one lowercase letter, and one symbol.

Such passwords are not registered in dictionary tools, and they are virtually impossible to break even by checking random strings of characters, which takes tens of thousands of years on a modern computer.
(For this reason, if strong passwords are set, there is no need to protect the administration panel in the first place.)

Other Causes of Hacking

Let’s look at the 3rd, 4th, and 5th most common causes of hacking.

core → These attacks exploit vulnerabilities in old WordPress core files. The automatic update of WordPress closes these core file vulnerabilities on its own. If your version, including the last digit (e.g., 6.0.2), is the latest, the security patch has been applied.

theme → Overseas, a particular paid theme may have a large market share and may be vulnerable. In Japan, it is still rare for vulnerabilities to be found in the widely used themes distributed there, and original themes are rarely individually checked for vulnerabilities, so theme-caused hacking is rare.

hosting → Hacking of the server itself, for example through the server’s operating system (Linux, etc.) or old versions of Apache, PHP, etc. If you are using a shared server for WordPress, it is unlikely to be hacked in this way.

You can easily check your WordPress for malware with a plugin.
Free WordPress:Malware Scan & Security Plugin [Malware and Virus Detection and Removal].