1 Backdoor
Vulnerabilities known as backdoors are hidden entry points that hackers install to gain access to your WordPress site by misusing server privileges.
Once the backdoor is exploited, the hacker can access or rewrite all files on the hosting server, or install programs. (This can compromise multiple sites hosted on the same server.)
Sucuri reports that backdoors continue to be one of the many post-hack actions taken by attackers, with 71% of infected sites having some form of backdoor installation.
2 PharmaHack
Pharma hacks insert malicious code into outdated versions of WordPress websites and plugins so that search engines display pharmaceutical ads when people search for your website.
This vulnerability can also lead search engines to block your site on the grounds that it is delivering spam.
A pharma hack typically involves backdoors in plugins and in the database.
The malicious code is often embedded in the database in obfuscated form and is easily overlooked, so a thorough cleanup operation, including the database, is required to fix the vulnerability.
Reference: Please use a plugin that also detects database malware.
[Free] WordPress:Malware Scan & Security Plug-in [Malware and Virus Detection and Removal].
3 Brute Force Attacks
Brute force attacks use automated scripts to exploit weak passwords and attempt to log into a site.
Two-step authentication, limiting the number of login attempts, monitoring for unauthorized logins, blocking IPs, and using strong passwords are the easiest and most effective ways to prevent brute force attacks.
Brute force attacks also cause site slowdowns and other damage because they send large numbers of login attempts to the site.
Malicious Redirect (Redirect Hack)
In a malicious redirect, a hacker who gets in through a vulnerability or a brute force attack creates a backdoor in WordPress and injects redirect code into your website.
A malicious redirect is a mechanism embedded in a website that forcibly sends users who visit the site to another site.
The redirect code is often placed in obfuscated form in .htaccess files or other core WordPress files, directing web traffic to the malicious site.
Cross-site scripting (XSS)
Cross-site scripting (XSS) is the injection of malicious scripts into a trusted website or application.
Attackers use this to get malicious code (usually browser-side scripts) to execute without the end user’s knowledge.
An example is a script included in a link that executes the moment the link is accessed on the site. Since it does not involve rewriting the site’s internal files, it is limited in what it can do, so it is often less damaging than backdoors and the like.
Cross-site scripting vulnerabilities are the most common vulnerabilities found in WordPress plugins.
Denial of Service
Denial of Service (DoS) vulnerabilities are dangerous vulnerabilities that exploit errors or bugs in your code to exhaust the memory of your website’s operating system.
Hackers can use an outdated version of the WordPress software, a bug, or a backdoor to launch a DoS attack via your site against another site they are targeting, bringing your site down.
Hackers have a large collection of these stepping stone sites, which are known as botnet chains.
Please use our free plug-ins to detect malware and backdoors, and to prevent brute force attacks!
Free WordPress:Malware Scan & Security Plugin [Malware and Virus Detection and Removal].