Running Magento 1.9.0.0 today is highly risky. To secure your site, consider the following:
Repositories such as gwillem/magento-security-resources track community-sourced security checklists and vulnerability databases. Protection and Mitigation magento 1900 exploit github link
Several high-profile vulnerabilities target Magento 1.9.x, with many having public code available on platforms like GitHub and Exploit-DB . Running Magento 1
One of the most famous exploits for this version, it allows unauthenticated attackers to gain full administrative access by exploiting an SQL injection vulnerability in the /admin/ path. A well-known Python script for this can be found in repositories like joren485/Magento-Shoplift-SQLI. magento 1900 exploit github link