We all hear about how WordPress is the most popular CMS (Content Management System), powering 1 in 4 of the websites on the internet today. We thought we would put it to the test. We took the membership list of a Chamber of Commerce.
Our results showed the following:
Out of 1,077 websites checked – 386 (36%) run WordPress so it’s true in our small group anyway.
We also hear that WordPress is terribly insecure and should not be used. That is just not true. The majority of hacks are due to outdated WordPress installations and outdated plugins. So we checked the WordPress sites we found.
Our results showed the following:
Out of 386 WordPress sites, 139 (36%) advertised an out-of-date WordPress version.
Now the results could be a lot higher; in fact, we know this to be true. It is easy to stop WordPress advertising the fact that it is WordPress and the version. You simply add the code below to your wp-config.php file:
// Stop WordPress printing the generator meta tag (which includes the version) in the page head
remove_action('wp_head', 'wp_generator');
So this means that there could be a lot more sites out there running an old version of WordPress. Our test was only able to check if WordPress was running along with the version. We could not check any of the plugins running.
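The check described above, as an added example that is not the code used for this survey: it reads the generator meta tag from saved copies of your own sites' pages and reports the advertised version as outdated, current or unknown. The baseline version, the site names and the sample HTML are constructed assumptions.

```python
import re
from collections import Counter
from html.parser import HTMLParser

# Assumption: the release you treat as current. Constructed sample value;
# set it to the actual latest release when running the check.
BASELINE = "6.0"

class GeneratorParser(HTMLParser):
    """Collect the content attribute of every <meta name="generator"> tag."""
    def __init__(self):
        super().__init__()
        self.generators = []

    def handle_starttag(self, tag, attrs):
        a = {k.lower(): (v or "") for k, v in attrs}
        if tag == "meta" and a.get("name", "").lower() == "generator":
            self.generators.append(a.get("content", ""))

def version_tuple(text):
    """'4.9' -> (4, 9, 0), so '6.0' and '6.0.0' compare equal."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def classify(html, baseline=BASELINE):
    """Return (status, advertised_version) for one page of HTML."""
    parser = GeneratorParser()
    parser.feed(html)
    for content in parser.generators:
        m = re.match(r"WordPress\s+(\d+(?:\.\d+)*)", content)
        if m:
            old = version_tuple(m.group(1)) < version_tuple(baseline)
            return ("outdated" if old else "current"), m.group(1)
    # No WordPress generator tag: not WordPress, or the tag was removed.
    # Either way the version is unknown, which is not the same as patched.
    return "unknown", None

# Constructed sample pages standing in for saved copies of your own sites.
PAGES = {
    "site-a.example": '<html><head><meta name="generator" content="WordPress 4.9.8" /></head></html>',
    "site-b.example": '<html><head><META NAME="Generator" CONTENT="WordPress 6.0"></head></html>',
    "site-c.example": '<html><head><link rel="stylesheet" href="/wp-content/themes/x/style.css"></head></html>',
}

def survey(pages=PAGES, baseline=BASELINE):
    """Count statuses across a set of pages, as the survey above does."""
    return Counter(classify(html, baseline)[0] for html in pages.values())
```

A site that lands in "unknown" still needs its version checked from the WordPress dashboard, since hiding the tag says nothing about whether updates were applied.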
One of the more interesting facts of the research was when we started to look at the ‘Designed by’, ‘Developed by’ links at the bottom of sites where available. We found that the developer's website was normally out of date too.
So why is this an issue? Because WordPress, like any other software, needs to be upgraded with fixes and patches, as do themes and plugins. Around 75% of patches to plugins are to fix security issues within the code. The results mean that at least 36% of WordPress sites have security issues.
Hosting Sites
I would be worried if I was the company hosting the website, as a threat to one site could be a threat to all the sites hosted.
Site Owner
I would also be worried if I was the owner of the site because it will only be a matter of time until it’s hacked. It also means that if I am paying for a website to be managed – it clearly is not.
Design Agency
Lastly, I would be worried if I was the designer: if the site is not being updated, is it being checked at all? How up to date are the plugins, the themes? When did the backup last run?