Statistics taken from 40,000+ WordPress sites in the Alexa Top One Million indicate that, at any given time, over 70% of WordPress websites and blogs are vulnerable to attack. Note that this statistic is calculated using known vulnerabilities only, although new attacks are initiated and discovered every day!
Among the 40,000+ WordPress installations surveyed:
- 74 different versions of WordPress were found.
- 769 websites (1.82%) were running WordPress 2.0 or one of its subversions.
- Only 7,814 websites (18.55%) were running the latest version of WordPress.
- 13,034 websites (30.95%) were still running a vulnerable WordPress version!
WordPress is considered to be secure code PROVIDING THAT it is updated regularly and promptly. When any new security issue is discovered, it is patched very, very quickly, but sadly WordPress core vulnerabilities are just a small part of the whole problem.
In addition to the WordPress core vulnerabilities, there are many security problems that affect WordPress themes and plugins; all of these also need to be kept up to date.
Do not let this post discourage you from using WordPress; just use it sensibly and ensure that all updates are applied immediately when they are issued. WP Site Wizard can handle this (and much more) for you for a modest monthly fee or a deeply discounted annual fee.