File Inclusion Exploits
The following weaknesses in the PHP code of your WordPress website are the most common security issue that hackers can take advantage of after brute attacks. (PHP, along with its plugins and themes, is the software that powers the WordPress website.)
The exploit happens through a file that contains insecure code and allows attackers to access your website to load remote files. One of the common ways for an attacker to access the website is through wp-config.php, one of the most important files in WordPress installation via file inclusion exploits.
A great way to deal with this is by denying access to WordPress sensitive files as WordPress includes several sensitive files, including wp-config.php, install.php, and readme.html. These files must be disabled from all external access.