These are the biggest threats facing WordPress sites today

News
By published

Malicious login attempts were by far the biggest threat

Open Lock
(Image credit: Pixabay)

Wordfence has released its 2020 report outlining the biggest threats to WordPress users. Based on the company’s raw data from WordPress attacks and infection trends, malicious login attempts, vulnerability exploit attacks, and nulled plugin malware made up the top three threats.

Malicious login attempts were the biggest attack vector by far targeting WordPress sites last year, with Wordfence blocking over 90 billion such attempts from more than 57 million unique IP addresses.  These attempts, which occurred at an average rate of 2,800 attacks per second, included both credential stuffing and brute-force attacks.

Wordfence advises users to employ multi-factor authentication (MFA) to provide added security against malicious login attempts. Although WordPress itself provides effective brute-force mitigation, MFA can prevent attackers from using automated login attempts, even when credentials have been disclosed via a data breach.

Education is key

In addition, Wordfence confirmed that there were 4.3 billion attempts to exploit vulnerabilities in 2020, with SQL injections, remote code execution attempts, and cross-site scripting among the most popular methods. Interestingly, malware originating from a nulled plugin or theme was also common last year, affecting 206,000 sites.

“In our review, we identified the three most widespread threats faced by WordPress sites in 2020: malicious login attempts, attempts to exploit vulnerabilities, and malware originating from nulled plugins and themes,” Ram Gall, a threat analyst at Wordfence, wrote.

“We also explored key takeaways from these threats and how to most effectively mitigate them. While technical controls such as Wordfence can dramatically improve your WordPress site security posture, the human element is always the weakest link in any organization. Education is the best way to make sure your site is secure.”

As Wordfence confirms, although security solutions can make a big difference in preventing cyberattacks, the human element should never be underestimated when individuals or businesses are looking to shore up their cyberdefences.

TOPICS
Barclay Ballard
Barclay Ballard

Barclay has been writing about technology for a decade, starting out as a freelancer with ITProPortal covering everything from London’s start-up scene to comparisons of the best cloud storage services.  After that, he spent some time as the managing editor of an online outlet focusing on cloud computing, furthering his interest in virtualization, Big Data, and the Internet of Things. 

Latest in Website Hosting
cybersecurity
What's the right type of web hosting for me?
A cloud symbol imposed over a bank of servers in a data center.
What is cloud hosting and who needs it?
Minecraft game server hosting for streamers heading - The Minecraft logo above a Minecraft landscape.
I tried 15 hosts for streaming and hosting Minecraft games and these are the best
Dark web scanning on a laptop
Hostinger integrates dark web scanning into hPanel
WordPress
WordPress Foundation bid for greater trademark control halted, adding to more legal setbacks for CEO Matt Mullenweg
The PebbleHost website.
PebbleHost review
Latest in News
L-mount alliance
Sirui joins L-Mount Alliance to deliver its superb budget lenses for Leica, DJI, Sigma and Panasonic cameras
Security padlock and circuit board to protect data
Trust in digital services around the world sees a massive drop as security worries continue
Samuel and Romy standing very close together in A24's Babygirl movie
Everything new on Max in April 2025, including A24's Babygirl and The Last of Us season 2
An AMD Radeon RX 9070 XT made by Sapphire on a table with its retail packaging
AMD’s secret weapon against Nvidia seems to be stock – way more RX 9070 GPUs are rumored to be hitting shelves than RTX 5000 models
Hacker silhouette working on a laptop with North Korean flag on the background
North Korea unveils new military unit targeting AI attacks
Seth Milchick and Kier Eagan's animatronic speaking in Severance season 2 episode 10
Apple TV+ announces Severance has been renewed for season 3 after that devastating finale
More about website hosting
cybersecurity

What's the right type of web hosting for me?
Minecraft game server hosting for streamers heading - The Minecraft logo above a Minecraft landscape.

I tried 15 hosts for streaming and hosting Minecraft games and these are the best
Apple Mac Studio

Apple Mac Studio M3 Ultra workstation can run Deepseek R1 671B AI model entirely in memory using less than 200W, reviewer finds
See more latest
Most Popular
Apple Mac Studio
Apple Mac Studio M3 Ultra workstation can run Deepseek R1 671B AI model entirely in memory using less than 200W, reviewer finds
The cover art for popular Max TV shows shown in a collage
Max has been adding some of Prime Video's most annoying features but also a load of better upgrades
AMD Instinct MI355X Accelerator
AMD signs huge multi-billion dollar deal with Oracle to build a cluster of 30,000 MI355X AI accelerators
Hacker silhouette working on a laptop with North Korean flag on the background
North Korea unveils new military unit targeting AI attacks
Gemma staring at something off-camera in Severance season 2 episode 10
'Everyone is going to be so torn': Severance star Dichen Lachman reacts to the popular Apple TV+ show's most 'intense' season 2 finale event
L-mount alliance
Sirui joins L-Mount Alliance to deliver its superb budget lenses for Leica, DJI, Sigma and Panasonic cameras
Laptop computer displaying logo of WordPress, a free and open-source content management system (CMS)
This top WordPress plugin could be hiding a worrying security flaw, so be on your guard
Security padlock and circuit board to protect data
Trust in digital services around the world sees a massive drop as security worries continue
Samuel and Romy standing very close together in A24's Babygirl movie
Everything new on Max in April 2025, including A24's Babygirl and The Last of Us season 2
An AMD Radeon RX 9070 XT made by Sapphire on a table with its retail packaging
AMD’s secret weapon against Nvidia seems to be stock – way more RX 9070 GPUs are rumored to be hitting shelves than RTX 5000 models