WordPress Security Statistics 2020

According to W3Techs, a service run by Austrian consulting firm Q-Success  (that surveys the top 10 million sites ranked on Alexa):

“WordPress is used by 41% of all the websites, that is a content management system market share of 64.7%.”

Their reports are updated daily. 

“73.2% of the most popular WordPress installations are vulnerable to vulnerabilities which can be detected using free automated tools.” – WpWhiteSecurity.com

“The four most common WordPress malware infections are Backdoors, Drive-by downloads, Pharma hacks, and Malicious redirects.” – Smashing Magazine

“Organizations increasing security budgets with 50% in 2017.” – cybersecurity.isaca.org

“Only 39% of WordPress websites are running the most current version of the software (4.8).” – WordPress

“81% of attacks are based on insecure or stolen passwords, being the main tactic used.” – Panda Security

“Only around 40 percent of WordPress sites are up to date.” – TorqueMag.io

“If you can protect yourself against plugin vulnerabilities and brute force attacks, you are accounting for over 70% of the security problem.” – Wordfence.com

“53% of enterprises experienced more attacks this year than in the year prior.” – cybersecurity.isaca.org

“Ransomware attacks increased by 36 percent in 2017.” – Symantec.com

“In 2016, the U.S government spent a $28 billion on cyber security — and this is expected to increase in 2017 – 2018.” – Taxpayer.net

“Every day, Safe Browsing discovers thousands of new unsafe sites. Many of these are legitimate websites that have been compromised by hackers. Google blacklists around 20,000 websites for malware and around 50,000 for phishing each week.” – Google

“According to a recent report by wpscan.org, of the 3,972 known WordPress security vulnerabilities:
52% are from WordPress plugins
37% are from core WordPress
11% are from WordPress themes” – ithemes.com

“41% were hacked through a security vulnerability on their hosting platform.” – wpwhitesecurity.com

“Top usernames being attacked: admin, Admin, administrator, test, root. ” – wpsmackdown.com

“EnableSecurity’s scan of Alexa’s Top 1,000,000 websites found that 41,106 websites were running WordPress (a little over 4% of these top websites).” – NakedSecurity

“18 million WordPress users were compromised during the worst breach of WordPress security.” – Skilled

“Hackers attack WordPress sites both big and small, with over 90,978 attacks happening per minute.” – Wordfence

“8% of WordPress security breaches happen as the result of a weak password.” – WPSmackDown

“84% of all security vulnerabilities on the internet are the result of Cross-Site Scripting or XSS attacks.” – Acunetix

“SQL injections occur when an attacker gains access to your WordPress database and to all of your website data.” – Ahsay

“Only 48% of WordPress websites are running the most current version of the software (4.9).” – WordPress.org

wordpress security statistics 2018

“Only 40% of WordPress websites are running the most current version of the php (7.2).” – WordPress.org

wordpress security issues - php verison