Outdated WordPress versions and security vulnerabilities
- 9 months ago
- 2 min read
How many WordPress sites are vulnerable to security risks? Every month, we index all domains on the web and detect content management systems (CMSs) on websites. Companies all over the world use a CMS to create, store and manage content on their websites.
We can detect more than 250 different CMSs. According to our data, over 65% of company websites use WordPress. Here, we look into around 14 million websites that provide information on WordPress versions. A large amount of these haven’t been updated in a long time and this creates a high risk of being open to vulnerabilities, just like with updating your computer or phone.
In the graph below you can see an overview of the share of websites split by different WordPress versions. Only 8% of sites analyzed run on the latest WordPress branch 6.0, while the largest share runs on the previous branch (5.9). The remaining 46% are still relying on preceding branches, suggesting that a significant proportion of websites might be vulnerable to security risks.
Only 8% of sites analyzed run on the latest WordPress branch 6.0.
CMSs, such as WordPress, are a common target for malicious code distributors and data thieves since they are open source, so hackers can easily find ways to break into the websites. That’s why it’s vital that businesses keep their CMSs up to date and ensure that any vulnerabilities are solved in time:
- We believe that registrars should inform and remind their users to update old CMS versions and offer them tailored solutions.
- Also, small businesses can use cloud-based CMS solutions. That way, the cloud service provider will make sure that everything is up to date.