Here are some of the most dangerous operational risks, the ones most often targeted by hackers.
5 You can access the login screen and xmlrpc.php any number of times
Hackers run password brute-force attacks against the login URL and the file named xmlrpc.php to hijack administrator privileges.
To prevent brute-force attacks on the login screen, it is desirable to install a plug-in such as Limit Login Attempts and to change the configuration so that xmlrpc.php cannot be accessed from the outside.
4 File permissions are weak, such as 777
WordPress themes and plug-ins can be edited from the administration screen if their files are writable. If you set 777, the files can be rewritten under any privilege level on the server.
It is desirable to set permissions so that only the owner can write.
3 WordPress plug-ins have not been updated for over a year
8% of WordPress hacks use vulnerabilities in plug-ins. It is important to keep plug-ins at the latest version, particularly prominent plug-ins that are easy to target and are installed on many WordPress sites.
2 WordPress version is below 3.5
Older versions of WordPress have been exhaustively studied by hackers.
Many vulnerabilities in old WordPress versions have been disclosed, and if they are left unattended, the site may be used to harm its visitors through cross-site scripting, use as a stepping stone for spam mail, malware embedding, etc.
Keep WordPress up to date.
1 User name is admin and password is alphabetic characters only
22% of WordPress hacks are caused by weak IDs and passwords.
Hackers use dictionaries of frequently used passwords to automatically try to log in again and again to take your administrator privileges.
Make sure that the administrator's user name is not admin and that the password is at least 12 characters including alphabetic and numeric characters.