This article explains the WordPress vulnerabilities that you should be especially aware of.
Preventing random attacks by hackers
The most common cause of WordPress hacking is plugin vulnerabilities.
How Attackers Gain Access to WordPress Sites
WordPress hackers use a special search technique called Dork to find, via search engines, WordPress sites or sites with specific plug-ins installed. They then attack those sites whether or not they are actually vulnerable, on the basis that any attack that happens to succeed is good enough.
Such random attacks are sometimes carried out with tools that try one easily exploited plugin vulnerability after another.
For this reason, the most important vulnerabilities to watch out for in WordPress are:
Plug-ins that are widely installed and have dangerous vulnerabilities that can be easily exploited and used for a wide range of activities (e.g., generating files on the server). (Note that many vulnerabilities can be exploited even when the plug-in is deactivated, so a plug-in cannot be assumed safe just because it has been deactivated.)
You can also use a plugin to check for dangerous vulnerabilities in WordPress.
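Because deactivated plug-ins can still be exploitable, it helps to list plug-in code that is still on disk but not active. The following is an added example, not code from the original article or from any plug-in: it assumes the list of active plug-ins is supplied separately (for instance from WP-CLI), and the function names and sample plug-ins are made up for illustration.

```python
import re
import tempfile
from pathlib import Path
# WordPress reads plugin headers from the first 8 KiB of the main plugin file.
HEADER = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.+?)[ \t*/]*$", re.M | re.I)

def read_headers(php_file):
    """Return the 'plugin name' / 'version' headers found in a PHP file."""
    text = php_file.read_bytes()[:8192].decode("utf-8", "replace")
    return {key.lower(): value.strip() for key, value in HEADER.findall(text)}

def inactive_on_disk(plugins_dir, active_slugs):
    """List plugins whose code is still on disk although they are not active."""
    findings = []
    for entry in sorted(Path(plugins_dir).iterdir()):
        if entry.is_dir():
            slug, mains = entry.name, sorted(entry.glob("*.php"))
            php_files = sum(1 for _ in entry.rglob("*.php"))
        elif entry.suffix == ".php" and entry.name != "index.php":
            slug, mains, php_files = entry.stem, [entry], 1  # single-file plugin
        else:
            continue  # index.php placeholder or stray non-PHP file
        if slug in active_slugs:
            continue
        meta = next((h for h in map(read_headers, mains) if "plugin name" in h), {})
        findings.append({"slug": slug, "name": meta.get("plugin name", "(no header)"),
                         "version": meta.get("version", "unknown"), "php_files": php_files})
    return findings

def demo():
    """Run against a constructed plugins directory (all plugin names are made up)."""
    sample = {
        "contact-widget/contact-widget.php": "<?php\n/*\n * Plugin Name: Contact Widget\n * Version: 1.2.0\n */\n",
        "old-gallery/old-gallery.php": "<?php\n/**\n * Plugin Name: Old Gallery\n * Version: 0.9.1\n */\n",
        "old-gallery/lib/upload.php": "<?php // helper file, still present on disk\n",
        "hello-sample.php": "<?php\n// Plugin Name: Hello Sample\n// Version: 1.0\n",
        "index.php": "<?php // Silence is golden.\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, body in sample.items():
            path = Path(root, rel)
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_text(body, encoding="utf-8")
        # Assumption: active list as produced by `wp plugin list --status=active --field=name`.
        return inactive_on_disk(root, active_slugs={"contact-widget"})

if __name__ == "__main__":
    for f in demo():
        print(f"{f['slug']}: {f['name']} {f['version']} inactive, {f['php_files']} PHP file(s) on disk")
```

Anything this reports is a candidate for deletion rather than deactivation; point `inactive_on_disk` at the real `wp-content/plugins` directory to use it on a site.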
Prevent WPSCAN
In some cases, hackers may use a tool called WPSCAN to target specific sites and do a preliminary check for vulnerable plugins on the site from the outside.
WPSCAN is a free vulnerability research tool (or worse, a hacking tool). It can be used to determine the WordPress version of a particular site, the plug-ins installed and their versions, and even to launch a brute force attack!
For this reason, it is also highly effective from a security perspective to implement various measures to prevent WPSCAN attacks.
The above-mentioned security measures to prevent WPSCAN are built into the [Free] WordPress:Malware Scanning & Security Plug-in [Malware and Virus Detection and Removal], which we hope you will try.