WordPress security vulnerability scan sample shows increase over six-month period

Published: 31 March 2022

Latest scan shows uptick in security issues for WordPress sites.

Security vulnerabilities across a broad sample of WordPress-based publishing sector sites have increased over a six-month period, the latest GPP data shows.

Of 114 sites in the representative selection, as of the month ending March 2022, a whopping 71.93% (82 sites) were not running on the latest 5.9.2 WordPress version, and 66.67% (76 sites) carried identifiable security vulnerabilities as reported by the official WordPress scanning tool.

A previous scan, undertaken in October 2021, revealed that only 50 of 114 sites were running on the latest 5.8.1 version of WP, and 70 carried identifiable security issues. 

Most WP security issues are with plug-ins, with the most recent data indicating that around 90% come from free plug-ins, and 10% from commercially available ones.

WordPress developers frequently criticise the lack of a central notification system for such vulnerabilities; instead, they only become aware of them when it becomes apparent that a plug-in has been withdrawn from use.