1. Outdated versions of WordPress

WordPress developers are quick and efficient to launch new security patches. Not everyone cares to install them though. Many hackers take advantage of this to attack.

2. Vulnerabilities in plugins

Plugins extend WordPress’ core functionality but can also open your blog to potential security vulnerabilities. Attackers go after poorly coded and outdated plugins to get inside.

3. Vulnerabilities in themes

The same goes for themes. Unsafe and not frequently updated themes are a feast for greedy hackers.

4. Weak passwords

Surprisingly the easiest way to blow your blog’s vault. Easy-to-guess, simple passwords are an invitation for an attack.

5. Guest users or contributors

Just like having a weak password is allowing other users of your blog to set weak passwords or not making sure they’re being careful with whom they show them to.

6. Obscure money making deals

Blinded by making money at any cost, many bloggers sign up for the most obscure ad platforms only to install harmful code that will open their blogs’ doors to threats.

7. Wrong commenting policies

If you’re allowing anyone to comment on your blog with no required pre-approval… you’re just asking for a massive SPAM attack.

8. WordPress’ popularity

Hundreds of millions of websites use WordPress, making it hugely popular. This means that if a hacker can find a way in, they’ll have an almost unlimited pool of sites access.

9. Malicious redirects

Someone visits your website but gets redirected to some other site that might contain a malicious payload. This occurs when a hacker gets access to and edits your .htaccess file.

10. Shared hosting

If you’re on a shared hosting server, a hacker might manage to get access to it through some ‘open door’ found on another blog that shares the same server with you.

References

• https://codex.wordpress.org/Brute_Force_Attacks
• https://www.sitepoint.com/securing-wordpress-hackers-ddos-attacks/
• https://www.smashingmagazine.com/2012/10/four-malware-infections-wordpress/