“73.2% of the most popular WordPress installations are vulnerable to vulnerabilities which can be detected using free automated tools.” – WpWhiteSecurity.com
“The four most common WordPress malware infections are Backdoors, Drive-by downloads, Pharma hacks, and Malicious redirects.” – Smashing Magazine
“Organizations increasing security budgets with 50% in 2017.” – cybersecurity.isaca.org
“Only 39% of WordPress websites are running the most current version of the software (4.8).” – WordPress
“81% of attacks are based on insecure or stolen passwords, being the main tactic used.” – Panda Security
“Only around 40 percent of WordPress sites are up to date.” – TorqueMag.io
“If you can protect yourself against plugin vulnerabilities and brute force attacks, you are accounting for over 70% of the security problem.” – Wordfence.com
“53% of enterprises experienced more attacks this year than in the year prior.” – cybersecurity.isaca.org
“Ransomware attacks increased by 36 percent in 2017.” – Symantec.com
“In 2016, the U.S government spent a $28 billion on cyber security — and this is expected to increase in 2017 – 2018.” – Taxpayer.net
“Every day, Safe Browsing discovers thousands of new unsafe sites. Many of these are legitimate websites that have been compromised by hackers. Google blacklists around 20,000 websites for malware and around 50,000 for phishing each week.” – Google
“According to a recent report by wpscan.org, of the 3,972 known WordPress security vulnerabilities:
52% are from WordPress plugins
37% are from core WordPress
11% are from WordPress themes” – ithemes.com
“41% were hacked through a security vulnerability on their hosting platform.” – wpwhitesecurity.com
“Top usernames being attacked: admin, Admin, administrator, test, root. ” – wpsmackdown.com
“EnableSecurity’s scan of Alexa’s Top 1,000,000 websites found that 41,106 websites were running WordPress (a little over 4% of these top websites).” – NakedSecurity
“18 million WordPress users were compromised during the worst breach of WordPress security.” – Skilled
“Hackers attack WordPress sites both big and small, with over 90,978 attacks happening per minute.” – Wordfence
“8% of WordPress security breaches happen as the result of a weak password.” – WPSmackDown
“Only 48% of WordPress websites are running the most current version of the software (4.9).” – WordPress.org
“Only 40% of WordPress websites are running the most current version of the php (7.2).” – WordPress.org
I have over 15 years of experience in building plugins and themes for WordPress and other platforms.
Contact me if you have plugins that you want me to check before you insert them into your website. I will be happy to check them for security and speed.
- What changed when we started using WP Ghost - December 5, 2025
- WordPress REST API Security: Best Practices and Tools - June 24, 2024
- WordPress Firewalls & Tools for Your Website Security - June 17, 2024