Is WordPress Safe to Use For My Online Business?

Screenshot of the WordPress CMS console with the options to access Pages, Comments, and Websites
WordPress is the most popular CMS

If you’ve ever built a website or own an online business, there’s a good chance that you’ve heard of WordPress. WordPress is the most famous website building Content Management System (CMS) in the world today. Not only is it the most famous, but it is also the most widely used CMS in the world. VentureBeat recently announced that WordPress powers over 25% of all websites that are currently active on the internet. This is a miraculous feat and the sheer volume of users that power their websites with WordPress is nothing short of amazing. However, has anyone ever really thought about how secure WordPress software really is or are they just blindly following this name brand CMS? We will help you answer this critical question today.

WordPress Market Share

As we mentioned earlier, over a quarter of all websites run on WordPress these days. When we also compare its impact across the market, we can see a clear dominance over the other CMS platforms. According to W3Techs, WordPress disproportionately owns approximately 58.7% of the entire CMS market as of November 2015. With such a large market share, it is only natural to assume that WordPress would be one of the most heavily targeted CMS platforms by hackers. This has led to a bevy of WordPress vulnerability exploitations within the last few years.

WordPress Users

Now, this leads us to wonder why so many users are utilizing WordPress services. The answer is simple, really. A CMS is built with the customer in mind and aims to provide users with the convenience to create their very own websites without doing all the heavy coding or dealing with website issues. WordPress acts as a crutch for many web development novices to always have a reliable source to help power their website. However, the security issues within WordPress are widely known. In order to properly secure your WordPress website, one must always keep up to date with known vulnerabilities listed on the non-profit Exploit Database (EDB) website or be cognizant of security patches and manual system updates. This defeats the purpose of powering a website with convenience and ease in mind.

How Vulnerable is WordPress?

Previously, Cloudbric warned of WordPress vulnerabilities that primarily targeted plugins found on the CMS. For instance, the EDB website listed a total of 33 software vulnerabilities found in the month of April 2015. Of the 33 total software vulnerabilities, WordPress exhibited the vast majority of issues with a whopping 21 exploitations that were visible to hackers.

As Cloudbric began to analyze the web securities issues within WordPress, we began to notice a visible trend. Even a simple plugin update from WordPress, such as a multi view calendar plugin, could be the prime target for hackers to launch more malicious attacks. Cloudbric discovered that the vast majority of WordPress vulnerabilities led to SQL Injections, which are some of the most dangerous and hard to combat web attacks. This has brought the issue with WordPress vulnerabilities to the forefront due to the sheer number of websites and users that use its services.

One solution to prevent this from impacting your website and releasing sensitive data information is to continually keep up to date with the latest vulnerabilities listing from EDB as mentioned before. This can help you stay on top of what issues may be present with WordPress and to manually seek out solutions or wait for automatic patch updates from WordPress itself. Another solution could be to implement a strong Web Application Firewall (WAF) to help monitor inbound and outbound traffic to your website. This can help you focus on what’s important to you—building your business—while still receiving world class website security features.

table showing the list of the top 10 most popular content management systems and their vulnerabiltiies
WordPress is the most vulnerable CMS

Cloudbric detection technology also monitored EDB related WordPress vulnerabilities across a wider range of time and data. More specifically, Cloudbric and Penta Security Systems’s WAPPLES technology reviewed CMS and software vulnerabilities from January 2015 to September 2015. During this time period, Cloudbric discovered approximately 366 total software and CMS vulnerabilities that were exposed. In addition, of the total 366 issues, 23.7% of all vulnerabilities originated from WordPress. As you can see in the chart above, WordPress was both the leader in software and CMS related security issues with 87 known vulnerabilities during this research period. The second most popular CMS (Joomla) reported only 15 security issues, which was an 83% decrease from the top spot (WordPress).

WordPress is known to be the most popular CMS on the market today, which is evident in the fact that over 25% of all websites on the entire World Wide Web are powered by its software. However, being a brand name and a popular CMS does not ensure maximum security for your website. Most small and medium businesses rely on WordPress to power their online business to collect prospective customer data, exchange credit card information for purchases, or deliver content to their users. Anytime information is exchanged, especially private customer information, website owners must be vigilant about website security. A good way to ease your mind is to look into implementing an elite Web Application Firewall (WAF), such as Cloudbric, to monitor both incoming and outgoing web traffic to your website. To learn how you can get started, feel free to email us for a personal consultation at