Why your recrutiment website may be hacked
Billions of pounds are made from stealing data that is then used for criminal purposes. Recruitment websites with candidate portals store the data that facilitates that theft.
WordPress sites are also known to store personal data in their plugins, and 98% of all hacks on WordPress take place due to poor plugin security. GoDaddy security products state that 70-90% of the hacks they deal with are WordPress-related.
What is the solution?
Delete your candidate portal feature and take the data straight to your ATS.
If you don't want to move off WordPress, then move the support of your website to a recognised WordPress support vendor who manages WordPress sites to the correct standard to mitigate the core weaknesses of WordPress. These services will cost you £100 to £300 a month.
Or move to a vendor who does not store the data in the website that puts you at risk, like, say, RecruiterWEB.