Outdated WordPress versions and security vulnerabilities

Christine Wölke
  • 9 months ago
  • 2 min read

How many WordPress sites are vulnerable to security risks? Every month, we index all domains on the web and detect content management systems (CMSs) on websites. Companies all over the world use a CMS to create, store and manage content on their websites.

We can detect more than 250 different CMSs. According to our data, over 65% of company websites use WordPress. Here, we look into around 14 million websites that provide information on WordPress versions. A large amount of these haven’t been updated in a long time and this creates a high risk of being open to vulnerabilities, just like with updating your computer or phone.

In the graph below you can see an overview of the share of websites split by different WordPress versions. Only 8% of sites analyzed run on the latest WordPress branch 6.0, while the largest share runs on the previous branch (5.9). The remaining 46% are still relying on preceding branches, suggesting that a significant proportion of websites might be vulnerable to security risks.

Only 8% of sites analyzed run on the latest WordPress branch 6.0.
Share of websites by WordPress branche.
Share of websites by WordPress branch. Source:, May 2022.

CMSs, such as WordPress, are a common target for malicious code distributors and data thieves since they are open source, so hackers can easily find ways to break into the websites. That’s why it’s vital that businesses keep their CMSs up to date and ensure that any vulnerabilities are solved in time: 

  • We believe that registrars should inform and remind their users to update old CMS versions and offer them tailored solutions. 
  • Also, small businesses can use cloud-based CMS solutions. That way, the cloud service provider will make sure that everything is up to date.

Subscribe to our newsletter to stay in the loop about the latest insights and developments around web data.


Related Recipes