Daily Facts - Day #33: 7 food-for-thought Wordpress security stats

blog cover image
25
6.8K followers

A few days ago I've had two posts about how awesome is to have free SSL here at WA.

Meanwhile I've found a few more interesting security-related Wordpress stats.

Here they are ...

According to CodeInWP ...


  • WordPress is the most hacked into content management system of them all. Out of the 8,000 infected websites analyzed in a study, 74% were built on WordPress.
  • 61% of infected WordPress sites are out of date.
  • The top three plugins that hackers love breaking into are TimThumb, Revslider, and Gravity Forms.
  • According to one study, 31% of Alexa’s top 1 million websites run a vulnerable version 3.6 of WordPress!
  • Wordfence reports up to 90,000 attacks on WordPress sites every minute!
  • 52% of the vulnerabilities reported by WPScan are caused by WordPress plugins.
  • 11% of WordPress vulnerabilities are caused by WordPress themes!

So ...

They say that are 90K attacks per minute ... That means 129,600,000 attacks per day!!

And they also say, that 11% of attacks are caused by themes ... That means 14,256,000 attacks every single day!! Caused only by vulnerable themes!!

Frightening!

Your thoughts?


Login
Create Your Free Wealthy Affiliate Account Today!
icon
4-Steps to Success Class
icon
One Profit Ready Website
icon
Market Research & Analysis Tools
icon
Millionaire Mentorship
icon
Core “Business Start Up” Training

Recent Comments

37

WP experts suggest periodic backups of your WP site just in case of a destructive attack.

Any suggestions as to how often and how to do a backup?

How? A good backup plugin. It should be the very first plugin installed.

How often? Depends how often you create new content, make changes, etc. Worse case scenario: once per month.

Wow what an article Zed! If I were going swimming in shark infested-waters that would behoove me the get everything that would protect me from the sharks! Thanks for the information!

Thanks for your time John!

I have had non-WA sites infected by hackers who are able to gain access and alter posts. Usually, these attackers which do some damage like change titles to offensive messages or even delete information.

Every time it was because of the old plugins I had not updated recently. They are a blessing and a curse to be sure. The problem also occurs with old plugins that are no longer maintained.

But things can get messy because your hosting service gets a little upset and threatens to shut down your site unless you get more security.

Thanks for your feedback David!

Yikes...those are statistics I don't like to see.

Closing your eyes won't help :)

Thanks Debbie!

That is just crazy, can Wordpress do something about their pluggins and themes,I am worried for Newbies who are still learning and not sure of how to manage these issues.

It's simple Florence ... Trusted, well-rated, proffessional themes and plugins only ...

Maybe you should do a training on how to choose well rated, Trusted and Proffessional themes next.... I personally would love that,consider it.

Thanks for the tip ... Actually I already have something like that ... True, isn'nt built explicitely around security reasons ...

Here it is

Can we assume that the only vulnerable themes are outdated themes, or should be have a list of which ones to avoid?

Most likely the outdated ones are the most dangerous ... but even an "updated" theme can be dangerous if isn''t coded properly ...

With 10s of thousands of themes out there I'm afraid we won't have a list ...

Too bad...

Which part?

That we can't quickly check to make sure our themes aren't in the "likely to be hacked" list. I'm also unsure about the "coded properly" portion, so I'll need to check that out.

It's impossible to create a list ... There are too many things ...

Coded properly = a professional theme, made by professional developers

certainly is

Thanks Alan!

thanks for digging into this. It does concern me that Wordpress is so vulnerable.

I'm pretty sure that we are covered here at WA :)

But yes, themes, plugins, etc can cause many problems ...

It behooves you to have confidence in a theme. There are many paid themes that are secure. This is the main reason that I use a Premium theme.

I also add Wordfence Security to all of my sites. Just one more level of protection.

I agree 101% Craig!

Same here. Paid Premium theme + Wordfence.

Very frightening indeed!
I wouldn’t have guessed it to be that high at all...
I try to read how up to date a theme or plugin is. Generally it will say if it has been updated recently. If it’s been a few years, and you know they should have had an update,probably don’t install it.

Thanks for the great lookout! Everyday I look forward to your posts my friend!
Timm

Thanks for your time Timm!

See more comments

Login
Create Your Free Wealthy Affiliate Account Today!
icon
4-Steps to Success Class
icon
One Profit Ready Website
icon
Market Research & Analysis Tools
icon
Millionaire Mentorship
icon
Core “Business Start Up” Training