We regularly talk about brute force attacks on WordPress sites and explain why WordPress credentials should always be unique, complex, and hard to guess.
However, the WordPress login is not the only point of entry that hackers use to break into sites. Since the WordPress CMS stores most of its settings in a database, attackers can get access directly to the database to modify functionality and inject malicious code.
Brute Force Attacks on WordPress Databases
Databases are another potential target for brute force attacks.