The Alarming State of WordPress Hacking Statistics
WordPress is Not As Safe As You Thought It Was

As the world's most popular content management system (CMS), WordPress powers over 40% of all websites on the internet. Its popularity, however, also makes it a prime target for hackers looking to exploit vulnerabilities and gain unauthorized access to websites. In this article, we'll dive into the latest statistics on WordPress hacking, highlighting the importance of securing your website and the need for constant vigilance.
WordPress Hacking Statistics: An Overview
WordPress Hacking Incidents and Rates
- An estimated 13,000 WordPress websites are hacked daily.
- 4.3% of WordPress sites were hacked this year.
- Over 30,000 websites are hacked every day.
- 10.4% of WordPress sites were at risk due to outdated components.
- 90,000 attacks target WordPress every minute.
- 8% of WordPress sites get hacked due to weak passwords.
- 61% of attacks occur due to outdated sites.
WordPress Hacking Statistics
- Malware accounts for 61.65% of WordPress hacks.
- 29% of hacks are due to vulnerable WordPress themes.
- 41% of hacks are due to vulnerabilities in hosting providers.
WordPress Security Vulnerability Stats
- 38,281 WordPress vulnerabilities were reported last year.
- 99.42% of vulnerabilities were found in themes and plugins.
- 42% of WordPress sites have at least one vulnerable component installed.
- Cross-site scripting (XSS) accounts for 50% of WordPress vulnerabilities.
WordPress Plugin Hacking Statistics
- 52% of WordPress vulnerabilities are due to outdated plugins.
- Fake SEO plugins infect over 4,000 WordPress websites.
- Plugins account for 52% of known WordPress vulnerabilities.
- Contact Form 7 was the most commonly identified vulnerable WordPress plugin.
The Costs of WordPress Hacking
- Fixing a hacked WordPress site can range from $250 to $9,600.
- The average cost of a data breach is approximately $3.86 million.
WordPress Vulnerabilities on the Rise
WordPress vulnerabilities increased by 15% compared to last year. This growth can be attributed to the ever-evolving tactics used by hackers, as well as the increasing number of outdated WordPress installations and plugins that haven't received timely security updates.
Outdated Plugins and Themes Remain a Major Threat
Outdated plugins and themes continue to be a significant cause of WordPress hacking incidents. Approximately 60% of hacked WordPress websites had at least one outdated plugin or theme, making it easier for hackers to exploit known vulnerabilities. It is crucial to update your plugins and themes regularly to prevent security breaches.
The Impact of Brute Force Attacks
Brute force attacks, where hackers attempt to gain access to a website by trying multiple username and password combinations, accounted for 35% of all WordPress hacking incidents so far this year. To protect your website from such attacks, it is essential to implement strong, unique passwords and enable two-factor authentication (2FA) where possible.
The Role of Malware in WordPress Hacking
Around 20% of WordPress hacking incidents involved malware infections. Malware, short for malicious software, is often used by hackers to take control of websites, steal sensitive information, or spread the infection to other sites. Implementing a reliable security plugin and regularly scanning your website for malware is critical to preventing these types of attacks.
The Importance of Timely Updates
45% of hacked WordPress websites were running an outdated version of WordPress. Running an outdated version of the CMS makes it easier for hackers to exploit known security vulnerabilities. To keep your website secure, it is crucial to update your WordPress installation and all related plugins and themes as soon as updates become available.
The Increasing Use of Cryptocurrency Mining Malware
The rise of cryptocurrency mining malware has become a significant issue for WordPress websites. Around 10% of hacked WordPress sites were found to have unauthorized cryptocurrency mining scripts running in the background, causing increased server loads and a poor user experience for visitors. Monitoring your website for unusual activity and utilizing a security plugin can help combat this growing threat.
Conclusion
The statistics on WordPress hacking paint a concerning picture of the current state of website security. As the digital landscape evolves, so do the threats facing WordPress site owners. It is vital to take proactive steps to secure your website, including updating your WordPress installation, plugins, and themes, using strong, unique passwords, implementing two-factor authentication, and deploying a reliable security plugin. Staying informed and vigilant about potential threats will help you keep your website and its users safe in an increasingly challenging online environment.
Sources for statistics:
- Patchstack
- Jetpack
- BetterStudio
- KeyCDN
- WP Clipboard
- Verisign
- Sucuri
- WPScan
- Statista
- GoDaddy
- MalCare
- WordPress
- Wordfence
- WP White Security
- Sophos