1. Hosting server vulnerability
According to statistics, the number one cause of WordPress hacking is the vulnerability of the hosting server. This is an exploit of the vulnerabilities where the server settings and versions are old and the security holes are not blocked.
If you don’t know how to set up a hosting server, a shared server with fewer setting service, may be safer.
2. Vulnerability of the theme
Nowadays, various WordPress themes are available for purchase. Some of them have almost no vulnerability countermeasures. (Many things are made with the idea that they only need to be fashionable.)
If you use the official template, I think that the vulnerability issue of the template can be avoided to some extent.
3. Vulnerability of plug-in
Attacks with plug-in vulnerabilities are second only to attacks against template vulnerabilities.
Measures include adapting plug-in updates properly and not introducing old plug-ins.
4. Password vulnerability
This is a vulnerability that occurs because the password of the WordPress administrator is weak. It is said that 50% of WordPress hacking successes exploited this vulnerability.
As a countermeasure
-Avoid names that can be recalled as general administrators such as admin, administrator, etc., and make them complicated and long.
-The password must contain at least 12 single-byte alphanumeric characters and single-byte English uppercase letters and numbers.
In order to prevent brute force attacks, we recommend that you introduce a plug-in that will not accept login input for several hours if you try to install capture on the login screen or fail to input multiple times.