WPScan has collaborated with Wordfence to conduct a 2021 mid-year review on the state of WordPress security. Using vulnerability data from WPScan’s WordPress vulnerability database and attack data from Wordfence’s internal threat intelligence platform, we were able to analyze the current trend of attacks on WordPress and assess the current state of WordPress-based software security.
In the first half of 2021, we saw continuous growth in attacks targeting WordPress plugin and theme vulnerabilities alongside an increase in password-based attacks. This indicates that attackers have been ramping up their efforts in targeting WordPress sites this year. Further, WPScan is en route to record more new vulnerabilities in 2021 than were reported in any single prior year, which indicates a positive trend in ethical hackers looking out for the security of the WordPress ecosystem.
Some of the report’s findings include:
- Cross-Site Scripting (XSS) Vulnerabilities Accounted for Over Half of Plugin Vulnerabilities
- 17% of WordPress Plugin Vulnerabilities Were of Critical Risk
- Password Attacks Against WordPress Are on the Rise
While we are seeing more attackers targeting WordPress, we are also seeing WordPress become a more secure ecosystem, thanks to the contribution of independent security researchers.
Ryan Dewhurst, Founder & CEO of WPScan, comments:
It was great to collaborate with the highly skilled Wordfence team on this project. By combining the strengths of WPScan’s WordPress vulnerability data and Wordfence’s attack data, the report gives a unique and invaluable insight into the current state of WordPress security. I hope that we are able to continue to collaborate on future projects to help make the web a safer place.
You can find these details and more by downloading the 2021 Mid-Year WordPress Security Report.