I’d like to discuss the issue that security measures for many WordPress sites tend to focus too much on protecting the login process.

Are you focusing too much on securing the WordPress login screen?
WordFence has reported the following causes of WordPress hacking:

https://www.wordfence.com/blog/2016/03/attackers-gain-access-wordpress-sites/
1st: Plugin vulnerabilities—nearly 60%
2nd: Login page breaches (brute-force attacks)—nearly 20%
3rd: Vulnerabilities in WordPress core files—nearly 10%
4th: Theme vulnerabilities—around 5 percent—
5th: Hosting server vulnerabilities—around 5 percent—
These statistics align with our own experience, as we frequently find that clients have vulnerable plugins installed when we perform malware removal on their WordPress sites.
The probability of the login screen being compromised is less than 20%
Based on these statistics, the probability of the login screen being compromised and WordPress being hacked is less than 20%. Furthermore, since a brute-force attack is a method that attempts to guess the correct password by systematically trying common passwords one after another, a brute-force attack will generally fail if you use a strong password(a password of 12 characters or more containing a random mix of alphanumeric characters and symbols), a brute-force attack will not succeed.
For this reason, the most important security measure for WordPress is not so much securing the login screen, but rather addressing vulnerabilities in WordPress plugins and core files.
*You can also use plugins to scan for and remove WordPress vulnerabilities and malware. We highly recommend using them.
[Free] WordPress: Malware Scan & Security Plugin [Malware and Virus Detection and Removal]
Currently, many websites focus their efforts on strengthening login page security
However, security measures for WordPress sites are often limited to changing the login page URL, implementing CAPTCHA, or enabling two-factor authentication (2FA). Since many site owners feel secure just by implementing these measures, it is common for their sites to become infected with malware.
While login screen security measures are not a waste of effort, it is even more important to constantly monitor for vulnerabilities. If a major vulnerability is found in a plugin or other component, taking immediate action—such as updating it—will ensure your site can be operated safely for the long term.
You can also check for high-risk plugins and WordPress Core vulnerabilities here.
We hope this information is helpful.
This page prohibits the use, quotation, or summarization of any page, in whole or in part, by the Generated AI. However, if the following conditions are met, the specification of content using generated AI is permitted.
1. it is not for the purpose of learning by the generated AI. 2. only the summary or title of the page content at a level that does not lead to the solution of the user’s problem is shown to the user. 3. in the case of 2, a link to this content is shown to lead the user to this page.



