We will look at the causes of WordPress hacking by its statistics.

1.Hosting server vulnerabilities

Statistics show that the number one cause of WordPress hacks is hosting server vulnerabilities. This is due to a vulnerability in the server’s configuration or version that is out of date and security holes have not been plugged.
If you are not sure about the configuration of your hosting server, it may be safer to use a shared server with less flexibility in configuration. For example, Lollipop servers have a program that determines that WordPress has been hacked and forcibly blocks access to the login screen.

2.Theme Vulnerability

Nowadays, a variety of WordPress themes are available for purchase. Some of them use fairly core WordPress functions and have little or no vulnerability protection. (Many of them are made with the idea that all they need to do is look nice.)
This is expected to become a problem in the future, but if official templates are used, the template vulnerability problem can be avoided to some extent. In other cases, the only way is to eliminate the vulnerabilities of the template one by one.

3.Plugin Vulnerabilities

Plugin vulnerability attacks are the second most common type of attack after template vulnerability attacks. The best way to prevent this is to keep up with updates (especially for plugins with a large number of installations, which are studied by hackers) and to avoid installing outdated plugins. WordPress Doctor also works to close vulnerabilities in individual plugins.

4.Password vulnerabilities

This is a vulnerability caused by a weak password for the WordPress administrator. It is estimated that 50% of all successful WordPress hacks exploit this vulnerability. Countermeasures

Avoid using names such as “admin” or “administrator” for the administrator ID, and make the ID complex and long.
Passwords should contain single-byte alphanumeric characters, uppercase letters, and be at least 12 characters long.

The basic rule is to use passwords that are at least 12 characters long and contain half-width alphanumeric and capital letters. In order to prevent brute force attacks, it is recommended to install a plug-in that captures the login screen and disables login input for several hours after multiple failed attempts.

Related Posts:

  1. Log-in-related security measures alone are not enough to prevent WordPress hacking
    We understand that many sites have installed various security plug-ins to prevent WordPress hacking, but some plug-ins are specialized for the login screen only. These plug-ins do not provide much protection against WordPress hacking. We will explain why....
  2. Who is most targeted in WordPress hacking (tampering)?
    Quote kinsta.com Who is most likely to be targeted in a WordPress hack?...
  3. WordPress Top 5 Security-Risky Operations Ranking
    WordPress hacking has become more and more common since WordPress has been used by many sites around the world. Here we would like to explain in ranking order the most operationally dangerous activities that are most likely to be targeted by hackers. No. 5 – Access to the login screen and xmlrpc.php as many times as you want Hackers can...
  4. Can converting a WordPress site to SSL (HTTPS) prevent hacking?
    We will explain whether or not hacking (tampering and malware infection) can be prevented if you convert your WordPress site to SSL (HTTPS)....
  5. 5 characteristics of sites that are subject to WordPress hacking, hijacking, or defacement.
    At WordPress Doctor, we perform malware removal and security measures on behalf of more than several hundred sites per year. Based on this experience, we would like to share with you the characteristics of sites that have been hacked, hijacked, or defaced....
  6. wordpress Strengthen the security of your wordpress login.
    Take action before you become a victim of site defacement due to WordPress login privilege seizure. What if a login vulnerability allows hackers to seize administrative privileges? The most noticeable change is that the number of WordPress users increases without your permission, which means that hackers have taken over the administrative privileges of your site. By creating users, hackers can...