This may be less surprising when you consider that 42.7% of all websites use WordPress. However, almost twenty billion attacks is still quite a lot, even when you take WordPress’s market share into account. The bad news continues: 8 out of 10 WordPress security risks are rated as “medium” or “high” in severity according to the Common Vulnerability Assessment Framework.
wordpress security: reported vulnerabilities by severity
But before you delete your WordPress account, you should know that these numbers aren’t entirely WordPress’s fault. Or at least, not the fault of the WordPress product itself. WordPress has a large security team of world-class researchers and engineers who look for vulnerabilities in its system, and they regularly release security updates fantuan database for its software . As far as the WordPress core goes, we’re protected. The problem is how WordPress is delivered to users. WordPress is open-source software , which means the source code is available for anyone to modify and distribute. Because WordPress is open-source , the software can be endlessly customized and optimized . There are thousands of plugins , themes, and developers with the skills to modify the back-end code themselves. This flexibility is the defining feature of WordPress, and a huge part of what makes it so powerful and widely used.
The flip side of this freedom is that an improperly configured or maintained WordPress site is susceptible to a huge number of security issues. WordPress gives a lot of power to its users, and with great power comes great responsibility. A responsibility that many people neglect. Hackers know this and attack WordPress sites accordingly. However, you can rest easy knowing this: There is no such thing as perfect security, especially on the Internet. As WordPress puts it, “[S]ecure… is about reducing risk, not eliminating it. It’s about applying all the controls available to you, within reason, that allow you to improve your overall position by reducing the likelihood that you will be targeted and subsequently hacked.” You can never guarantee complete protection from online threats, but you can take steps to reduce the likelihood that they will occur. The fact that you’re reading this article means that you probably care about security and are willing to do whatever it takes to keep yourself and your visitors safe. In short, WordPress is safe, but only if its users take security seriously and follow best practices.