WordPress hacking has become more and more common since WordPress has been used by many sites around the world. Here we would like to explain in ranking order the most operationally dangerous activities that are most likely to be targeted by hackers.

Steal_password

No. 5 – Access to the login screen and xmlrpc.php as many times as you want

Hackers can launch a brute force attack on the login screen and the file xmlrpc.php with your login ID and password in order to take over your WordPress administrator privileges.
To prevent brute force attacks on the login screen, it is advisable to install a plugin such as limit login attempt that will repel IPs after several failed login attempts, and to edit the htaccess file in xmlrpc.php so that it cannot be accessed from outside.

No.4 – Lax permissions are set so that themes and plug-ins can be edited from the administration screen.

WordPress themes and plugins can be edited from the admin screen by setting permissions to writable. However, while this is convenient, it is not good for security. Set the permissions tight so that they cannot be edited from the admin screen.

No. 3 – Not updating WordPress plug-ins for more than a year

Eight percent of WordPress hacks are based on vulnerabilities in plugins. The more popular plugins are the most likely targets, and it is important to keep them up-to-date, especially if they are installed on a large number of WordPress sites.

No. 2 – WordPress is running at version 3.5 or lower.

The main body of WordPress has been studied more by hackers than by plugins. Many older WordPress versions have obvious vulnerabilities, and if left unchecked, the program code can often be modified to cause damage to site visitors, such as cross-site site scripting, spam email springboards, and embedded malware. Be sure to keep the latest version of WordPress.

No. 1 – Username is admin and password is an English word only

Weak IDs and passwords are the cause of 22% of WordPress hacks. Hackers use a dictionary of commonly used administrator IDs and passwords, which they programmatically type into the login screen over and over again to gain administrator privileges. The administrator’s user name should be coined, and the password should be at least 12 characters long, including alphanumeric characters.

Related Posts:

  1. Log-in-related security measures alone are not enough to prevent WordPress hacking
    We understand that many sites have installed various security plug-ins to prevent WordPress hacking, but some plug-ins are specialized for the login screen only. These plug-ins do not provide much protection against WordPress hacking. We will explain why....
  2. 8 characteristics of sites that can be hacked by WordPress
    We would like to explain the most common characteristics of the sites we have repaired at WordPress Doctor that have suffered malware damage due to hacker infiltration. If you take the following security measures, you will be able to reduce hacker infiltration to a great extent....
  3. Learn how hackers rewrite (alter) files on your WordPress site to increase security!
    As convenience and site functionality increases with the improved capabilities of programs on servers, not just WordPress, tampering with files on servers has become a major problem. In this article, we will explain how hackers rewrite WordPress files and consider ways to improve security....
  4. How can I increase the security of the WordPress login screen?
    We will explain how to increase the security of the WordPress login screen in order of importance....
  5. 7 WordPress Security Measures
    Hello, this is Yoshida of WordPress Doctor. I would like to share with you the most basic things you can do to improve the security of your WordPress site. I can’t guarantee 100%, but I think it will improve your security a lot....
  6. If I put a security plugin in wordpress, can it be hacked tampered with?
    We know that many WordPress sites have security plug-ins. We will consider how much the possibility of your site being hacked is reduced by installing this security plugin....