
Common WordPress attack vectors

Updated May 11, 2026

Here are the attacks PowerSEC defends against most often, in rough order of frequency.

1. Brute-force login attacks

Bots try thousands of common username/password combinations against /wp-login.php and /xmlrpc.php. Most attacks come from compromised IoT devices.

PowerSEC defense: rate-limit failed logins by IP, lock accounts after N failures, optional 2FA, CAPTCHA on login.
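The rate-limiting idea above, as an added example in Python that is not PowerSEC's own code: it reads constructed access-log lines, treats a 200 answer to a POST on /wp-login.php as a failed login (WordPress re-renders the form on failure and redirects with 302 on success) and counts every POST to /xmlrpc.php as an attempt (it returns 200 either way, so the status cannot distinguish the two), then reports any IP that reaches N failures inside a sliding window. The log format, sample addresses and the threshold are assumptions; the lines are assumed to be in chronological order.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample access-log lines (combined log format, abbreviated).
SAMPLE_LOG = """\
203.0.113.7 - - [11/May/2026:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 4521
203.0.113.7 - - [11/May/2026:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 200 4521
203.0.113.7 - - [11/May/2026:10:00:03 +0000] "POST /xmlrpc.php HTTP/1.1" 200 410
203.0.113.7 - - [11/May/2026:10:00:04 +0000] "POST /wp-login.php HTTP/1.1" 200 4521
203.0.113.7 - - [11/May/2026:10:00:05 +0000] "POST /wp-login.php HTTP/1.1" 200 4521
198.51.100.20 - - [11/May/2026:10:00:06 +0000] "POST /wp-login.php HTTP/1.1" 302 0
198.51.100.20 - - [11/May/2026:10:00:07 +0000] "GET /wp-admin/ HTTP/1.1" 200 9000
203.0.113.7 - - [11/May/2026:10:00:08 +0000] "POST /wp-login.php HTTP/1.1" 200 4521
192.0.2.9 - - [11/May/2026:10:30:00 +0000] "POST /wp-login.php HTTP/1.1" 200 4521
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)


def login_failures(log_text):
    """Yield (ip, timestamp) for each request that looks like a failed login."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        path = m["path"].split("?", 1)[0]
        # wp-login.php: 200 = form re-rendered (failure), 302 = success.
        # xmlrpc.php: status is 200 either way, so count every POST (assumption).
        if (path == "/wp-login.php" and m["status"] == "200") or path == "/xmlrpc.php":
            yield m["ip"], datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")


def count_failures(log_text):
    """Total failed attempts per IP, ignoring timing."""
    counts = defaultdict(int)
    for ip, _ in login_failures(log_text):
        counts[ip] += 1
    return dict(counts)


def find_offenders(log_text, threshold=5, window=timedelta(minutes=5)):
    """IPs that reached `threshold` failures within any `window`-long span."""
    recent = defaultdict(deque)  # per-IP timestamps inside the current window
    offenders = set()
    for ip, t in login_failures(log_text):
        q = recent[ip]
        q.append(t)
        while t - q[0] > window:   # slide the window forward
            q.popleft()
        if len(q) >= threshold:
            offenders.add(ip)
    return sorted(offenders)


if __name__ == "__main__":
    print("failures per IP:", count_failures(SAMPLE_LOG))
    print("lock these IPs:", find_offenders(SAMPLE_LOG))
```

Counting only failures, not all POSTs, matters: the legitimate admin at 198.51.100.20 logs in once and is never counted, while 203.0.113.7 crosses the threshold within eight seconds and would be rate-limited; 192.0.2.9 has a single failure and stays under it.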

2. Vulnerable plugin/theme exploits

When a vulnerability is published in a popular plugin (e.g., Elementor, WPBakery, Yoast), attackers scan the entire web for sites still running the vulnerable version. The window between disclosure and mass exploitation is often <24 hours.

PowerSEC defense: vulnerability scanner checks your installed plugins/themes against the WPScan + NVD databases hourly (Pro) or daily (Free). Auto-updates can be enabled per-site.
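The version check behind such a scanner, as an added example in Python (not PowerSEC's scanner and not a real advisory feed): each advisory names the plugin slug and the first fixed release, an installed version below it is affected, and an advisory with no fixed release yet affects every version. The plugin slugs, titles and version numbers below are constructed placeholders; version strings are assumed to be dotted numerics, so "2.3" and "2.3.0" compare equal and pre-release suffixes are ignored.

```python
import re

# Constructed advisory list with placeholder slugs; fixed_in=None means no
# patched release exists yet, so every installed version is affected.
ADVISORIES = [
    {"slug": "example-gallery", "title": "Unauthenticated file read", "fixed_in": "2.3.1"},
    {"slug": "example-forms", "title": "Stored XSS in form builder", "fixed_in": "1.10"},
    {"slug": "example-cache", "title": "Authentication bypass", "fixed_in": None},
]

# Constructed inventory: what a site reports as installed ({slug: version}).
SITE = {
    "example-gallery": "2.3",
    "example-forms": "1.10.0",
    "example-cache": "4.0",
    "unrelated-seo": "9.9",
}


def parse_version(v):
    """'2.3.1' -> (2, 3, 1). Non-numeric parts count as 0 and trailing zeros are
    dropped, so '3.0' == '3.0.0' and '1.10' < '1.10.1' (assumption of this example)."""
    parts = []
    for piece in re.split(r"[.\-]", v.strip()):
        m = re.match(r"\d+", piece)
        parts.append(int(m.group()) if m else 0)
    while parts and parts[-1] == 0:
        parts.pop()
    return tuple(parts)


def is_affected(installed, fixed_in):
    """True when the installed version predates the first fixed release."""
    if fixed_in is None:
        return True
    return parse_version(installed) < parse_version(fixed_in)


def check_site(installed_plugins, advisories=ADVISORIES):
    """Return (slug, installed, title, fixed_in) for every matching advisory."""
    findings = []
    for adv in advisories:
        version = installed_plugins.get(adv["slug"])
        if version is None:          # plugin not installed on this site
            continue
        if is_affected(version, adv["fixed_in"]):
            findings.append((adv["slug"], version, adv["title"], adv["fixed_in"]))
    return findings


if __name__ == "__main__":
    for slug, installed, title, fixed_in in check_site(SITE):
        action = f"update to {fixed_in}" if fixed_in else "no fix available, disable plugin"
        print(f"{slug} {installed}: {title} ({action})")
```

The two edge cases worth getting right are the ones that produce false results in naive string comparison: "1.10.0" must not be reported as below "1.10", and "2.3" must be reported as below "2.3.1".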

3. SQL injection (SQLi)

Malicious input that tricks your database into executing attacker SQL. WordPress core is well-protected, but plugins (especially custom ones) often aren't.

PowerSEC defense: Web Application Firewall (WAF) with OWASP CRS rules + WordPress-specific signature set. Blocks attacks before they reach your code.

4. Cross-Site Scripting (XSS)

Attacker injects JavaScript into your site that runs in your visitors' browsers. Used to steal cookies, redirect users, or skim card data.

PowerSEC defense: WAF blocks common XSS payloads. File integrity monitoring detects when JS files are modified unexpectedly.

5. Malicious file uploads

Attacker exploits a vulnerable upload form to upload a PHP shell — gives them remote code execution on your server.

PowerSEC defense: real-time file scanner detects new PHP files in upload directories. Suspicious files are quarantined automatically.
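A minimal version of such a scanner, as an added example in Python that is not PowerSEC's code: it walks a throwaway copy of an uploads tree and flags files by three rules, any PHP extension anywhere in the name (so "poster.php.jpg" is caught, not only "shell.php"), a PHP open tag in the first bytes of a file whatever its name, and a server config file inside the uploads tree. The sample tree and its file contents are constructed here; the quarantine step moves the file out of the tree and removes its permissions.

```python
import os
import shutil
import tempfile
from pathlib import Path

PHP_EXTENSIONS = {".php", ".php3", ".php4", ".php5", ".php7", ".phtml", ".phar", ".inc"}
PHP_TAGS = (b"<?php", b"<?=")


def build_sample_tree():
    """Create a throwaway wp-content/uploads look-alike with constructed files."""
    root = Path(tempfile.mkdtemp(prefix="uploads-"))
    month = root / "2026" / "05"
    month.mkdir(parents=True)
    (month / "photo.jpg").write_bytes(b"\xff\xd8\xff\xe0" + b"\x00" * 64)  # benign JPEG header
    (month / "readme.txt").write_text("notes")                                # benign text
    (month / "shell.php").write_text("<?php echo 'constructed sample'; ?>")  # plain PHP file
    (month / "poster.php.jpg").write_text("<?php echo 'double extension'; ?>")
    (month / "logo.png").write_text("<?php echo 'wrong extension'; ?>")      # PHP behind an image name
    (month / ".htaccess").write_text("# constructed sample\n")                # config does not belong here
    return root


def classify(path):
    """Return why a file is suspicious, or None if it looks harmless."""
    suffixes = {s.lower() for s in path.suffixes}     # all suffixes, not just the last
    if suffixes & PHP_EXTENSIONS:
        return "php extension"
    if path.name == ".htaccess":
        return "server config in uploads"
    with path.open("rb") as fh:
        head = fh.read(4096)
    if any(tag in head for tag in PHP_TAGS):
        return "php tag in content"
    return None


def scan_uploads(root):
    """Sorted list of (relative path, reason) for every flagged file under root."""
    root = Path(root)
    hits = []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            p = Path(dirpath) / name
            reason = classify(p)
            if reason:
                hits.append((p.relative_to(root).as_posix(), reason))
    return sorted(hits)


def quarantine(root, relpath, qdir):
    """Move a flagged file out of the web root and strip its permissions."""
    src = Path(root) / relpath
    dest = Path(qdir) / relpath.replace("/", "__")
    dest.parent.mkdir(parents=True, exist_ok=True)
    shutil.move(str(src), str(dest))
    dest.chmod(0o000)
    return dest


if __name__ == "__main__":
    root = build_sample_tree()
    for relpath, reason in scan_uploads(root):
        print(f"{relpath}: {reason}")
        quarantine(root, relpath, root.with_name(root.name + "-quarantine"))
```

Checking content as well as name is what catches the "logo.png" case; a scanner that only matches the final extension misses both it and the double-extension file.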

6. SEO spam injection

Hidden <a> tags inserted into your pages linking to gambling, pharmacy, or counterfeit goods sites. Often invisible to humans but indexed by Google.

PowerSEC defense: content scanner compares your DB post_content against known SEO-spam patterns. Alerts on suspicious link injection.
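A content check of this kind, as an added example in Python that is not PowerSEC's scanner: it parses each post's HTML, tracks whether every link sits inside an element hidden by inline CSS (display:none, visibility:hidden, zero font size, or pushed off-screen) or the hidden attribute, and also matches link text and target against a short list of spam niche keywords. The posts, the keyword list and the hidden-style patterns are constructed for this example; a real scanner would keep a much longer pattern set.

```python
import re
from html.parser import HTMLParser

# Constructed heuristics: CSS that hides an element from humans, and keywords
# for the spam niches named above (gambling, pharmacy, counterfeit goods).
HIDDEN_STYLE_RE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|font-size\s*:\s*0|left\s*:\s*-\d{3,}px",
    re.I,
)
SPAM_WORDS = ("casino", "pharmacy", "replica")
VOID_TAGS = {"br", "img", "hr", "input", "meta", "link", "source", "wbr"}


class LinkCollector(HTMLParser):
    """Collect every <a> with its visible text and whether any ancestor hides it."""

    def __init__(self):
        super().__init__()
        self.hidden_stack = []   # one bool per open non-void element
        self.links = []          # finished links: {href, text, hidden}
        self._open = None        # link currently being read

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        inherited = bool(self.hidden_stack and self.hidden_stack[-1])
        own = bool(HIDDEN_STYLE_RE.search(attrs.get("style") or "")) or "hidden" in attrs
        hidden = inherited or own
        if tag not in VOID_TAGS:
            self.hidden_stack.append(hidden)
        if tag == "a":
            self._open = {"href": attrs.get("href") or "", "text": "", "hidden": hidden}

    def handle_data(self, data):
        if self._open is not None:
            self._open["text"] += data

    def handle_endtag(self, tag):
        if tag == "a" and self._open is not None:
            self._open["text"] = " ".join(self._open["text"].split())
            self.links.append(self._open)
            self._open = None
        if tag not in VOID_TAGS and self.hidden_stack:
            self.hidden_stack.pop()


def find_spam_links(post_content):
    """Links in one post_content value that are hidden or match a spam keyword."""
    parser = LinkCollector()
    parser.feed(post_content)
    parser.close()
    findings = []
    for link in parser.links:
        reasons = []
        if link["hidden"]:
            reasons.append("hidden")
        haystack = (link["href"] + " " + link["text"]).lower()
        if any(word in haystack for word in SPAM_WORDS):
            reasons.append("spam keyword")
        if reasons:
            findings.append({**link, "reasons": reasons})
    return findings


# Constructed rows standing in for wp_posts.ID -> post_content.
POSTS = {
    101: "<p>Our new office opens Monday. <a href='https://example.org/map'>Directions</a></p>",
    102: ("<p>Quarterly update.</p><div style=\"position:absolute;left:-9999px\">"
          "<a href='https://offers.example-casino.invalid/'>best online casino bonus</a></div>"),
    103: "<p>Read our <a href='https://example.org/policy' style='display:none'>privacy policy</a>.</p>",
}


def scan_posts(posts):
    """{post_id: findings} for every post with at least one suspicious link."""
    report = {}
    for post_id, content in posts.items():
        hits = find_spam_links(content)
        if hits:
            report[post_id] = hits
    return report


if __name__ == "__main__":
    for post_id, hits in scan_posts(POSTS).items():
        for hit in hits:
            print(post_id, hit["href"], hit["reasons"])
```

Post 102 is the injection case and trips both rules; post 103 shows why the output is an alert rather than an automatic delete: a hidden link can be a theme quirk, so a human should confirm before content is changed.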

7. Cryptojacking

JavaScript miner injected into your site that uses visitors' CPUs to mine Monero. Drives away users (browser warnings) and hurts your reputation.

PowerSEC defense: WAF blocks known miner endpoints. Outbound connection monitor detects mining pool connections.
