According to Patchstack’s State of WordPress Security In 2022 whitepaper, there was a 328% increase in WordPress security bugs last year. But don’t panic! This doesn’t mean WordPress is less secure; in fact, this indicates there are lots of folks out there hunting these issues down to keep WordPress site users MORE secure.
But it does require YOU to take action to keep your plugins, themes, and WordPress core software updated. Patchstack reports that 42% of websites have at least 1 current vulnerable software component installed. That’s like leaving your back window open to a thief.
Okay, so you’re keeping an eye on your site and updating plugins and themes and WordPress whenever you get a notification. But what about the 26% of plugins with security vulnerabilities that didn’t get patched? Are you regularly monitoring this “threat intelligence” to ensure you aren’t running a plugin or theme that’s “up to date” but still vulnerable? These abandoned software components are a silent threat to website owners who may not even be aware they are running insecure software.
Software supply chain vulnerabilities are also an issue. Just like the economy, open source software like WordPress depends on a supply chain of code libraries and frameworks. A vulnerability in one of those libraries can have cascading effects on security, such as the one found in the Freemius framework, which is used in a number of plugins and themes. As Patchstack’s whitepaper says:
“The good news was hundreds of plugins that were notified of the security bug in Freemius updated their project’s code and patched the bug. The bad news was dozens to hundreds of projects did not respond to the notifications.”
While the numbers and threats seem alarming, Patchstack takes an optimistic view of security for the coming year. With security researchers and developers working together to find and fix vulnerabilities, and continued awareness and action from website owners to keep their sites up to date, the WordPress ecosystem will continue to grow safer.
Check out Patchstack’s whitepaper on the State of WordPress Security. And if you need someone to help keep your site updated, running well, and secure, give Milepost 42 a shout!