WordPress Vulnerability 2021

How Can Hacking Hurt Your Business?

An infected website can seriously damage your revenue and reputation.

Steal Important Data

  • Steal your information and customer data and hold it for ransom
  • Win your customers away from you
  • Sneakily host applications or store data on your server

Destroy Site SEO Performance

  • Google blacklists 70,000 websites every week due to security issues
  • Drop your site rankings
  • Cause a 95% loss of traffic

Affect Business Reputation

  • Create a poor impression for visitors
  • Waste all your marketing effort
  • Lose customers, clients, and partners' trust

Types of WordPress Vulnerabilities

There are numerous types of vulnerabilities. While some are simple to recognize, others are difficult to notice until your site shuts down completely.

Cross-site Scripting

  • The most common and difficult vulnerability found on WordPress sites
  • Allows unwanted JavaScript code to be executed on your site
  • Lets attackers steal your data or control how the site looks and behaves

Brute Force Attack

  • A trial-and-error process to guess the login info of your site
  • The cause of 5% of confirmed security breaches on all sites
  • Multiple types of brute force attacks: Simple, Hybrid, Dictionary, Reverse, and Credential Stuffing

Other types of WordPress vulnerabilities:

  • Authentication bypass
  • Full path disclosure
  • Denial of service
  • Multiple attack vectors at once

SQL Injection

  • Hackers insert malicious SQL statements into your database
  • The first SQL injection attack was discovered by Jeff Forristal in 1998
  • 3 types of SQL injection: in-band, inferential (or blind), and out-of-band

Privilege Escalation

  • Lets unauthorized users make changes to your content
  • Relies on supporting plugins to generate and misuse the features of your post types
  • Mostly found in Contact Form 7 plugin

Stunning Statistics About WordPress Security

The following WordPress vulnerability statistics give you a clear picture of how serious WordPress security issues are.

General WordPress Security Statistics


Google blacklists 70,000 websites due to security issues every week.


WPScan has tracked 22,113 core software vulnerabilities in total.


Hosting platforms are responsible for 41% of all WordPress attacks.


84% of all security vulnerabilities on the internet are the result of XSS attacks.


61% of infected WordPress websites were out of date.


44% of hacking was caused by outdated WordPress sites.

WordPress Plugin and Theme Vulnerabilities


52% of WordPress vulnerabilities relate to plugins while themes account for 11%.


Weak passwords contribute to 8% of WordPress website hackings.


3% of over 55k plugins on the WordPress directory have never been updated.

How to Ensure WordPress Security

Prevention is always better than cure. It is better to stop malicious users at the doorstep than to spend time fixing things after an attack.

Strengthen WordPress Passwords

  • Create long passwords with letters, numbers, and symbols
  • Make each password unique and never used elsewhere

Update WordPress Versions

  • Get the latest versions of WordPress, themes, and plugins
  • Avoid nulled plugins and themes

Limit Login Attempts

  • Set a specific logging time
  • Restrict malicious IP addresses
  • Customize the default login URL
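
One way to implement the attempt limit and per-IP restriction above, as an added example that is not part of the original page or of any plugin it names. The file name, the `example_` names, the threshold of 5 failures and the 15-minute lockout window are assumptions; the hooks and transient functions are WordPress core APIs.

```php
<?php
/**
 * Hypothetical must-use plugin: wp-content/mu-plugins/example-login-limiter.php
 * Added illustration only; names and thresholds are assumptions.
 */

const EXAMPLE_MAX_FAILURES = 5;   // assumed: failures allowed per address
const EXAMPLE_LOCKOUT_SECS = 900; // assumed: 15-minute lockout window

// Key the counter on the client address. Behind a reverse proxy REMOTE_ADDR
// is the proxy's address, so adapt this to your trusted-proxy setup instead
// of reading a client-supplied header blindly.
function example_login_key() {
    $ip = isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : 'unknown';
    return 'example_login_fail_' . md5( $ip );
}

// Count every failed login. Re-setting the transient restarts its expiry,
// so an address that keeps guessing stays locked out.
add_action( 'wp_login_failed', function () {
    $key   = example_login_key();
    $count = (int) get_transient( $key );
    set_transient( $key, $count + 1, EXAMPLE_LOCKOUT_SECS );
} );

// Runs at priority 30, after core's password check (priority 20), so the
// error returned here cannot be replaced by a successful lookup.
add_filter( 'authenticate', function ( $user ) {
    if ( (int) get_transient( example_login_key() ) >= EXAMPLE_MAX_FAILURES ) {
        return new WP_Error(
            'example_too_many_attempts',
            'Too many failed login attempts. Try again later.'
        );
    }
    return $user;
}, 30 );

// A successful login clears the counter for that address.
add_action( 'wp_login', function () {
    delete_transient( example_login_key() );
} );
```

A per-address counter slows simple and dictionary guessing from one source; credential stuffing spread across many addresses still calls for the strong passwords and two-factor authentication listed in this section.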

Set Up Two-Factor Authentication

  • Add an additional security layer by entering a code sent by message or email, or by scanning a QR code
  • Bring your site security to a higher level

Use Security Plugins

  • Put your site behind a firewall
  • Go through the process of scanning, cleaning, and protection
  • The top 5 plugins: Sucuri, iThemes Security Pro, Jetpack Security, WPScan, and Wordfence