We will see each issue one by one.

  1. Brute Force Attack
  2. SQL Injection
  3. Malware
  4. Cross-Site Scripting
  5. DDoS Attack
  6. Old WordPress and PHP versions

1. Brute Force Attack
Brute Force Attack involves multiple try and error approach using hundreds of combination to guess the right username or password. This is done using powerful algorithms and dictionaries which guesses the password using some kind of context.

This kind of attack is difficult to execute but it still is one of the popular attacks executed on WordPress sites. By default, WordPress does not block a user from trying multiple fail attempts which let a human or bot try thousands of combinations per second.

2. SQL Injection
One of the oldest hacks in the book of web hacking is injecting SQL queries to effect or to completely destroy the database using any web form or input field.

Upon successful intrusion, a hacker can manipulate the MySQL database and quite possibly gain access to your WordPress admin or simply change its credentials for further damage. This attack is usually executed by amateur to mediocre hackers who are mostly testing their hacking capabilities.

3. Malware
Malicious code is injected into WordPress through an infected theme, outdated plugin or script. This code can extract data from your site as well as insert malicious content that might go unnoticed due to its discreet nature.

Malware can cause mild to serious damages if not handled on time. Sometimes the whole WordPress site needs to be re-installed as it has affected the core. This can also add cost to your hosting expense as a large amount of data is transferred or is being hosted using your site.

4. Cross-Site Scripting
One of the most common attacks is Cross-Site Scripting also known as XSS attack. In this type of attack, the attacker loads a malicious JavaScript code which when loaded at client side start collecting data and possibly redirecting to other malicious sites affecting the user experience.

5. DDoS Attack
Anybody who has browsed the net or manages a website may have come across the infamous DDoS attack. Distributed Denial of Service (DDoS) is the enhanced version of Denial of Service (DoS) in which a large volume of requests are made to a web server which makes it slow and ultimately crashes.

DDoS is executed using single-source while DDoS is an organized attack executed via multiple machines across the globe. Every year millions of dollars are wasted due to this notorious web security attack.

6. Outdated WordPress & PHP Versions
Outdated WordPress versions are more prone to get affected by a security threat. Over time hackers find their way to exploit its core and ultimately execute the attack on the sites still using outdated versions.

For the same reason, the WordPress team releases patches and newer versions with updated security mechanisms. Running older versions of PHP can cause incompatibility issues. As WordPress runs on PHP, it requires an updated version to operate properly.

As per WordPress’s official statistics, 42.6% of users are still using various older versions of WordPress.