Recently Torque wrote an article on WordPress Security where they claim 170,000 WordPress websites were hacked in 2012. My initial reaction to this was; really 2012? That was soooo four years ago. Then I thought well the number is pretty big but in relation to what, what’s the bigger picture and also where does this data come from?
So I did a bit of Googling and found some numbers. In 2012 WordPress powered around 15.8% of the internet’s websites and there was around 190,000,000 active websites. So the total number of WordPress websites in 2012 was around 30,020,000. If my calculations are correct that means that only around 0.56% of all the WordPress websites in 2012 were hacked. I think we can all agree that is an absolutely tiny percentage! This begs the question, why all the fuss about WordPress security?
Well I suppose even if the percentage is to be believed it’s still prudent to take precautions rather than think you’d be unlucky to be in the 0.56%! Personally I think the number of WordPress websites hacked in 2012 was probably a lot higher, after all they can only come up with that number if people report it (where from and who collates these reports I have no idea). Taking into consideration that its difficult to collate all reports of a hacked website, that there are a huge amount of abandoned WordPress websites, site owners that just don’t know they’ve been hacked and that people just flat out haven’t mentioned that their website got hacked because let’s face it, it’s not exactly something you want to shout about, especially if running a business. The real figure could be 10 or maybe 20 times more than what I’ve worked out above, that would mean 5-10% of WordPress websites got hacked in 2012! Mmmm does that figure feel a bit more realistic, well it does to me.
WP Mayor claims 117,000 WordPress websites were hacked in 2013
and Dope Review claims 500,000 WordPress websites were hacked in 2014. I couldn’t really find much about 2015 but there is a huge jump between 2013 and 2014, again if these figures are to be believed. The total active sites on the internet has actually declined since 2012 with the amount of WordPress websites increasing to 21% in 2014.
So what can we take from all this? Not much really, I don’t set too much store from some of the numbers but I just wanted to investigate the numbers a bit and get a feel for the reality, rather than get scared by the big numbers. I think what we should focus on, is that it’s not always WordPress that’s being hacked but plugins, hosts and accounts with insecure passwords etc.
The moral of the story is be safe, get WP hard and use protection 🙂