Wordfence has collaborated with WPScan to conduct a 2021 mid-year review on the state of WordPress security. Using attack data from Wordfence’s internal threat intelligence platform, and vulnerability data from WPScan’s vulnerability database, we were able to analyze the current trend of attacks on WordPress and assess the current state of WordPress security.
In the first half of 2021, we saw continuous growth in attacks targeting WordPress plugin and theme vulnerabilities alongside an increase in password-based attacks. This indicates that attackers have been ramping up their efforts in targeting WordPress sites this year. Further, WPScan recorded more new vulnerabilities in the first half of 2021 than ever reported in a single year, which indicates a positive trend in ethical hackers looking out for the security of the WordPress ecosystem.
While we are seeing more attackers targeting WordPress, we are also seeing WordPress become a more secure ecosystem, thanks to the contribution of security researchers.