What were once isolated attempts have now become a constant stream of automated attacks that test the resilience of online platforms. WordPress.com Web Application Firewall (WAF) data reveals that nearly 12,000 requests per second of unwanted or malicious traffic have been blocked worldwide over the past twelve months.

In Spain, the impact is notable. During the same period, more than 1.1 billion malicious requests were detected and some 15.3 million attack attempts were identified and blocked. The figures show that, although technology evolves, cybercriminals are also perfecting their methods, and prevention remains the only truly effective strategy.

Vulnerabilities that can be avoided

One of the most worrying factors is that a large part of the vulnerabilities do not come from complex failures, but from everyday carelessness. According to WordPress.com, most security incidents originate from practices that could have been avoided with proper digital maintenance management.

Among the main weak points are the plugins and outdated themes. Many of the intrusions recorded in the last year are related to extensions that were not updated in time or that had known vulnerabilities. Attackers often scan the network looking for precisely these obsolete components, making maintenance a critical task.

What were once isolated attempts have now become a constant stream of automated attacks that test the resilience of online platforms.

The other major weakness continues to be password management. Despite the availability of secure managers and multi-factor authentication, a considerable number of users continue to use predictable or repeated keys. As WordPress.com explains, “Single or duplicate passwords remain the most common gateway for attackers. One small oversight can compromise an entire site.”

Permissions, roles and insecure code

Beyond updates or passwords, there are less visible but equally dangerous risks. One of them is the inappropriate assignment of user roles. When administrators or editors have more permissions than necessary, their exposure to possible unauthorized access increases. Therefore, experts advise periodically reviewing the privileges of each account and adjusting access levels according to actual tasks.

Another source of growing risk is the use of custom code without review or without adequate security measures. Poorly written snippets, external integrations, or direct modifications to theme files can open gaps that are difficult to detect. In fact, some recent attacks have originated precisely from small lines of code inserted without control.

In this sense, specialists insist on the importance of having trusted developers, avoiding inserting unverified code and using automated analysis tools that detect vulnerabilities before publishing changes.

Recommendations for a safer site

Digital security does not depend only on technology, but on consistency. A secure website directly influences user trust, company reputation and, of course, search engine positioning, both traditional and powered by artificial intelligence.

WordPress.com recommends following a series of good practices that combine maintenance and prevention. These include regular software updates and pluginsremoving unnecessary extensions or from unknown sources, creating automatic backups and storing them in protected environments.

It is also essential to strengthen authentication through strong passwords and two-step verification systems. Data encryption and constant monitoring complete a defense scheme that, when applied correctly, drastically reduces exposure to incidents.

Alex Chen
Alex Chen

Alex Chen serves as the chief editor of Asia Tech Journal, bringing over a decade of experience in technology journalism. Previously writing for several globally renowned publications, Alex is celebrated for his insightful analyses and in-depth reporting on tech trends across Asia. Passionate about innovation, Alex specializes in the dynamic technology ecosystem of China and its global impacts.