Top Threats to WordPress Sites Identified in New Report A new report identifies the top security threats and most common attacks against WordPress sites. Bio 434 Advertisement Continue Reading Below Security firm Wordfence published a report on threats and attacks targeting WordPress sites, with data gleaned from the 4 million customers that have its software installed. The major threats facing WordPress sites fall into three categories: Malware from pirated themes and plugins Malicious login attempts Malware From Pirated Themes & Plugins The most widespread threat to WordPress security is malware from pirated (nulled) themes and plugins. Wordfence detected more than 70 million malicious files on 1.2 million WordPress sites in the past year. Over 17% of all infected sites had malware from a nulled plugin or theme.