According to WordFence, 1.6 Million WordPress Sites Hit With 13.7 Million Attacks In 36 Hours From 16,000 IPs. In one study, it was found that there are 3,972 known WordPress vulnerabilities and this number is climbing every day. Out of which, 52% are from WordPress plugins, 37% are due to core WordPress files & 11% are from WordPress Themes.
According to WPScan, 52% of WordPress vulnerabilities are due to WordPress Plugins. And in one study, it was reported that 4000 websites were infected by malware due to a fake SEO plugin. Before installing any plugin, you must ensure it’s from a reliable source, compatible with the latest WordPress version and up to date.
According to WebsiteBuilder, Google blacklists 70,000 websites due to security issues every week. From the blacklisted sites, 50,000 are guilty of phishing while the rest are for malware issues.
You might be surprised that The Panama Paper Leak, in which 4.8 million emails were exploited, was due to a WordPress Plugin vulnerability. The most common malware infections on WordPress are Backdoors, Drive-by downloads, Pharma hacks & Malicious redirects.
According to Sucuri,
- 83% of all the CMS based websites, which are hacked, are built on WordPress.
- 39% of hacked WordPress websites used outdated versions of the software.
- 90% of its cleanup requests are from WordPress
One study showed that out of all the WordPress websites, only 11.45% used SSL Encryption.