Did You Know?
WordPress is the most frequently hacked CMS of them all. Out of the 8000 infected websites analysed in a study, 74% were built on WordPress.
SQL injections occur when an attacker gains access to your WordPress database and to all of your website data.
73.2% of the most popular WordPress installations have vulnerabilities that can be detected using free automated tools.
Only 39% of WordPress websites are running the 4.8 version of the software.
81% of WordPress attacks rely on insecure or stolen passwords, making this the main tactic used.
Only around 40 percent of WordPress sites are up to date.
If you can protect yourself against plugin vulnerabilities and brute force attacks, you are accounting for over 70% of the security problem.
41% were hacked through a security vulnerability on their hosting platform.
84% of all security vulnerabilities on the internet are the result of Cross-Site Scripting or XSS attacks.
Only 48% of WordPress websites are running the 4.9 version of the software.
18 Million WordPress users were compromised during the worst breach of WordPress security.
Hackers attack WordPress sites both big and small, with over 90,978 attacks happening per minute.
Only 40% of WordPress websites are running version 7.2 of PHP.
The iThemes Security plugin has had the most ironic security breach to date.
Each week, Google blacklists around 20,000 websites for malware, and around 50,000 for phishing.
52% of reported WordPress security vulnerabilities relate to WordPress plugins.
4,000 WordPress websites are infected with malware that disguises itself as an SEO plugin to attract unwary webmasters.
File inclusion exploits are one of the most common ways an attacker can gain access to your WordPress website’s wp-config.php file.
The four most common WordPress malware infections are Backdoors, Drive-by downloads, Pharma Hacks and Malicious Redirects.
61% of infected WordPress sites are out of date.
The top three plugins that hackers love breaking into are TimThumb, Revslider, and Gravity Forms.
According to one study, 30.95% of Alexa’s top 1 million websites run a vulnerable version 3.6 of WordPress.
37% of WordPress vulnerabilities result from the WordPress core files.
11% of WordPress vulnerabilities are caused by WordPress themes.
Your One-Stop WordPress Scanner is here!
WP-Scan’s DIY tool instantly scans any WordPress website to point out vulnerabilities and security risks – which often go undetected. Our mission at WP-Scan is to ensure a safe web.
Why Should You Perform Regular WordPress Scans?
Over 10 million websites use the WordPress platform, making it one of the most used CMSs of all time. However, if websites are not updated and maintained regularly, they become vulnerable to attacks of one kind or another.
There are many types of vulnerabilities that need continuous checks and remediation. Security companies and software developers continuously release updates to make the WordPress platform more secure.
WordPress websites become the first targets of hackers owing to their wide adoption. Among a range of possibilities, a hacker can deface content, spy on your visitors, or worse, steal identity and payment-related information.
Hence, security experts strongly suggest timely WordPress scans and regularly scheduled maintenance.