According to the annual WordPress Security Report from security company Wordfence, nearly 1,000,000 WordPress websites were infected with malware last year. On any given day, between 325,000 and 350,000 sites were infected.
In most cases, a vulnerable plug-in was the cause. According to Wordfence, that's because the plug-in's developers are out of touch or unresponsive. There were more than 8,000 vulnerabilities, 2,000 of which have still not been updated. The basic WordPress installation, WordPress Core, faced 5 security vulnerabilities in 2024.
The LiteSpeed Cache plug-in and the WP Meta SEO plug-in were the most frequently attacked. Recently, it was revealed that a security vulnerability in the WordPress plug-in OttoKit (formerly SureTriggers) was used by malicious actors to compromise websites just a few hours after its disclosure.