Here are the attacks PowerSEC defends against most often, in rough order of frequency.
1. Brute-force login attacks
Bots try thousands of common username/password combinations against /wp-login.php and /xmlrpc.php.
PowerSEC defense: rate-limit failed logins by IP, lock accounts after N failures, optional 2FA.
2. Vulnerable plugin/theme exploits
When a vulnerability is published in a popular plugin, attackers scan the entire web for sites still running the vulnerable version. The window between disclosure and mass exploitation is often <24 hours.
PowerSEC defense: vulnerability scanner checks your installed plugins/themes against the WPScan + NVD databases hourly (Pro) or daily (Free).
3. SQL injection (SQLi)
Malicious input tricks your database into executing attacker-supplied SQL.
PowerSEC defense: Web Application Firewall (WAF) with OWASP CRS rules + WordPress-specific signature set.
4. Cross-Site Scripting (XSS)
An attacker injects JavaScript into your site that runs in your visitors' browsers.
PowerSEC defense: WAF blocks common XSS payloads. File integrity monitoring detects when JS files are modified unexpectedly.
5. Malicious file uploads
An attacker exploits a vulnerable upload form to upload a PHP shell, which gives them remote code execution.
PowerSEC defense: real-time file scanner detects new PHP files in upload directories. Suspicious files are auto-quarantined.
6. SEO spam injection
Hidden <a> tags are inserted into your pages, linking to gambling, pharmacy, or counterfeit goods sites.
PowerSEC defense: content scanner compares your DB post_content against known SEO-spam patterns.
7. Cryptojacking
A JavaScript miner is injected into your site and uses visitors' CPUs to mine Monero.
PowerSEC defense: WAF blocks known miner endpoints. Outbound connection monitor detects mining pool connections.
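For item 1, an added example (not PowerSEC's code) of the two controls named there: a sliding-window limit on failed logins per IP plus an account lock after N failures, which also catches attempts spread across many IPs. The class name, thresholds and sample events are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

class LoginGuard:
    """Hypothetical guard: per-IP failure rate limit plus per-account lockout."""
    def __init__(self, ip_max=5, ip_window=60, acct_max=3, lock_secs=900):
        self.ip_max, self.ip_window = ip_max, ip_window
        self.acct_max, self.lock_secs = acct_max, lock_secs
        self.ip_fails = defaultdict(deque)   # ip -> timestamps of recent failures
        self.acct_fails = defaultdict(int)   # username -> failures since last success
        self.locked_until = {}               # username -> time the lock expires

    def check(self, ip, user, now):
        """Decide whether an attempt may reach the password check at all."""
        q = self.ip_fails[ip]
        while q and now - q[0] >= self.ip_window:   # drop failures outside the window
            q.popleft()
        if len(q) >= self.ip_max:
            return "blocked_ip"
        if self.locked_until.get(user, 0) > now:
            return "locked_account"
        return "allow"

    def record(self, ip, user, now, success):
        """Update counters after an allowed attempt has been verified."""
        if success:
            self.acct_fails.pop(user, None)
            return
        self.ip_fails[ip].append(now)
        self.acct_fails[user] += 1
        if self.acct_fails[user] >= self.acct_max:
            self.locked_until[user] = now + self.lock_secs
            self.acct_fails[user] = 0

def replay(events, guard=None):
    """Run (time, ip, user, password_ok) events through a guard; return decisions."""
    guard = guard or LoginGuard()
    out = []
    for now, ip, user, ok in events:
        decision = guard.check(ip, user, now)
        if decision == "allow":
            guard.record(ip, user, now, ok)
        out.append(decision)
    return out

# Constructed sample events (documentation IP ranges), not real traffic.
SINGLE_IP = [(t, "203.0.113.7", f"user{t}", False) for t in range(7)]
DISTRIBUTED = [(100 + i, f"198.51.100.{i + 1}", "admin", False) for i in range(4)]
DISTRIBUTED += [(104, "192.0.2.10", "admin", True), (1002, "192.0.2.10", "admin", True)]
```

In the distributed sample no single IP exceeds its limit, yet the third failure locks the account, so even the correct password at t=104 is refused until the lock expires.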