Make sure your addons/plugins are up-to-date.
My WordPress auto-upgrades on my hosts, but I have to manually upgrade the plugins/addons via the dashboard.
Generally,
Files = 644
Directories = 755
few exceptions like .cgi-related stuff.
Watch the inputs including search boxes.
https://www.exploit-db.com/search and search for WordPress and be amazed.
Also, Google Dork is a valuable skill.
Code:
<addon/plugin> exploit
at any engine worth spit.
I have near 300 rules in my fail2ban, most are for WordPress abuse.
You get the Wordfence Security Bulletin via email?
https://www.wordfence.com/blog/2017/...te-recommended
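
The 644/755 baseline from the post above can be checked mechanically. The following is an added example, not part of the original post: the function name `audit_perms` is hypothetical, and skipping `*.cgi` in the file check and reporting world-writable entries separately are assumptions about how to handle the exceptions the post mentions.

```shell
#!/bin/sh
# Added example (not from the original post): list everything under a
# WordPress root whose mode differs from files=644 / directories=755.
# audit_perms is a hypothetical helper name.

audit_perms() {
    root=$1
    [ -d "$root" ] || { echo "audit_perms: not a directory: $root" >&2; return 2; }

    findings=$(
        # Regular files that are not exactly 644. *.cgi is skipped here
        # because CGI scripts need the execute bit (the post's exception).
        find "$root" -type f ! -name '*.cgi' ! -perm 644 -print | sed 's/^/FILE /'

        # Directories that are not exactly 755.
        find "$root" -type d ! -perm 755 -print | sed 's/^/DIR /'

        # Anything writable by "other", CGI scripts included. Symlinks are
        # excluded because their own mode bits are not meaningful.
        find "$root" ! -type l -perm -002 -print | sed 's/^/WORLD-WRITABLE /'
    )

    # Exit status: 0 = tree matches the baseline, 1 = deviations printed.
    if [ -z "$findings" ]; then
        return 0
    fi
    printf '%s\n' "$findings"
    return 1
}

# Stand-alone use: sh audit_perms.sh /path/to/wordpress
if [ "$#" -gt 0 ]; then
    audit_perms "$1"
fi
```

An entry that is world-writable appears twice (once for the mode mismatch, once as `WORLD-WRITABLE`), which makes the most urgent lines easy to grep for.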