The popularity of WordPress makes it a frequent target of attacks. The simplest attacks use brute force, repeatedly trying usernames and passwords until one combination gets in. Protect against these by changing the username from ‘admin’ and enabling two-factor authentication. Cross-site scripting (XSS) attacks exploit vulnerabilities in WordPress plugins. Use data sanitization to protect against them. Malicious code is another potential problem, caused by using outdated or untrustworthy themes and plugins. SQL injection attacks involve accessing a database and gaining admin access. Distributed denial of service (DDoS) attacks overwhelm a site's server, causing a slowdown or crash. The Sucuri Security plugin provides protection against both SQL injection and DDoS attacks.
- Brute force attacks are made easier when the username is left as “admin.”
- Malicious code hacks often occur when WordPress themes and plugins are downloaded from untrustworthy sites.
- Distributed denial of service (DDoS) attacks involve a huge volume of requests causing the server to crash.
“To help you understand where the weak spots are, here are common WordPress hacks and vulnerabilities that could put a WordPress site in jeopardy.”