Hacker Newsnew | past | comments | ask | show | jobs | submitlogin
State of WordPress Security in 2021 (patchstack.com)
3 points by taubek on March 14, 2022 | hide | past | favorite | 2 comments



WP is sometimes referred to as insecure. According to this article it seems that WP Core is secure, but plugins and themes are problematic: "Vulnerabilities from plugins and themes remain as one of the biggest threats to websites built on WordPress. In fact, just 0.58% of security vulnerabilities originate from WordPress core in 2021."


Indeed, majority of vulnerabilities originate from the plugins and themes. On average a WordPress website has like 18 plugins installed - 42% of those sites have at least one of those plugins with a known security vulnerability. If you look at critical security vulnerabilities found in plugins in 2021, you see that 29% of those didn't even receive a patch from the original developer. That means users who use those plugins never become aware of security issue in the plugin and WordPress just showed that the plugin is "up to date". The fact that there is 150% more vulnerabilities identified in 2021 compared to 2020 is actually a good sign - it means that there is more attention to security and more issues are being fixed.




Consider applying for YC's Fall 2025 batch! Applications are open till Aug 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: