This section will explain the percentage of causes of WordPress being hacked.
Image credit: WordFence
Nearly 60% of WordPress hacks are caused by plugins
As you can see, nearly 60% of WordPress hacks are caused by plug-ins.
In other words, plugin vulnerabilities are the most important thing to watch out for when operating WordPress.
Reference
What are WordPress program vulnerabilities?
The reason why plugin vulnerabilities are the most commonly attacked is that there are tools circulating in the hacker world that can attack multiple plugin vulnerabilities at once, making it easy for even the least skilled hacker to take advantage of them, It is important for WordPress security to keep plug-ins up-to-date, to remove unwanted plug-ins, and to test plug-ins for vulnerabilities.
The second most common BRUTE FORCE
The second most common brute force method is to use a dictionary of commonly used passwords on the WordPress login screen to determine the administrator’s password by repeating the login operation tens of thousands of times.
It is important to protect the login screen (change URL, capture, 2-way login) with plug-ins, but even more important is to use a strong password.
Strong passwords are as follows
A meaningless string of characters.
Must be at least 12 characters long
Contain at least one alphanumeric character, one uppercase letter, one lowercase letter, and one symbol.
Such passwords are not registered in dictionary tools and are virtually impossible to break even if a random string of characters is checked, which takes tens of thousands of years on a modern computer.
(For this reason, if strong passwords are set, there is no need to protect the administration panel in the first place.)
Other Causes of Hacking
Let’s look at the 3rd, 4th, and 5th most common causes of hacking.
core → These attacks exploit vulnerabilities in the old core files of WordPress. The automatic update of WordPress will close these core file vulnerabilities on its own. If the version with the last digit (e.g., 6.0.2) is the latest, it means that the security patch has been applied.
theme → Overseas, a particular paid theme may have a large market share and may be vulnerable. In the case of Japan, it is still rare that vulnerabilities are found in themes distributed in Japan, which have a large market share, and original themes are rarely individually checked for vulnerabilities, so theme-caused hacking is rare.
hosting → Hacking of the server itself, such as the server’s operating system (Linux, etc.), old Apache, PHP, etc. If you are using a shared server for WordPress, it is unlikely to be hacked in this way.
You can easily check your WordPress for malware with a plugin.
Free WordPress:Malware Scan & Security Plugin [Malware and Virus Detection and Removal].