1. Passwords being cracked: FTP, SSH, Control Panel, WordPress Login and WordPress Database password.
2. Host Server itself has been hacked – not your individual website, but the Server that your website is on.
3. Directory permissions that are set incorrectly – if you have set directory permissions to 777 by mistake then BPS cannot do much to protect those directories because they are writable to everyone.
4. Installing a plugin or theme that contains exploitable code that appears to be legitimate and valid code. BPS blocks a large number of attack/hacker strings, but if the coding mistake in a plugin or theme is done in a way that that hacker would not need to use an attack string then BPS would not see that as an attack/hacking attempt.
5. A weak point of entry on 1 or more sites under the same Hosting Account – Example: If you have 10 websites and 9 of them are protected with BulletProof Security, but a hacker manages to compromise/hack 1 of your websites that is not protected then all of your other websites would be hacked if a hacker has uploaded a Shell script to this hacked site. A hacker Shell script has the capability to access/control/hack all of your other 9 websites under a Hosting Account from the hacked website.