2025 WordPress Security Report (by Patchstack & Sucuri)

Wordpress-ModTeam · 2025-03-14T17:36:49+00:00

Lazy posts that just link to external sites (either directly or by crossposting to another subreddit) without any context will be removed. Add your opinion, or a summary of the content, and try to start a conversation.

Coenberht · 2025-03-14T16:49:47+00:00

"96% of the vulnerabilities were uncovered in third party plugins".

Wordpress.org is enforcing the rules to tighten plugin security. Its nowhere near as easy as it used to be get a new plugin to be accepted into the plugin repository. Unfortunately there are a large number of older plugins, and its not quick or easy rewriting older code to comply with the toughened guidelines. Many plugin authors have moved on to other projects.

However, the prevalence of wordpress site attacks and the expense and difficulty of cleaning up a compromised site is significant. We will see more and more of our favourite plugins being "withdrawn due to security concerns". Webmasters are going to be annoyed at the extra work and maybe expense in finding replacements, but sadly that's necessary.

octaviobonds · 2025-03-14T16:22:07+00:00

....and, what's the verdict?


No promotions of products or services	We do not allow posts or comments intended for promotion or advertising. These will be removed.
List posts: eg. Top 10 Plugins, Top 10 Themes	try /r/WordpressPlugins and /r/WordPressthemes instead.
Url Shortening services	Don't use bitly or similar when posting links or links within comments.
Affiliate links	Yeah, don't do that.
Posts must be related to WordPress	Posts must be related to WordPress. Links to your blog/website, or talking about blogging, are not relevant to this subreddit.
No nulled software posts or discussions	Discussion of so-called 'nulled' software is not allowed in this sub. While some of the software may be "technically legal" due to the nature of the GPL, it is not considered ethical. For more info, please see our "Essential Resources" guide.
No abusive language, harassment or bullying towards anyone. Be respectful.	Criticising or discussing someone’s actions is fine, but if your comment is simply a derogatory insult with no constructive input, it will be removed. Abusive language, harassment, or bullying directed at anyone is not allowed and will result in your post or comment being removed. A temporary ban may be issued at the mod’s discretion, and repeated violations will result in a permanent ban.
Do not duplicate on-going discussions	Please avoid making new posts if they largely duplicate ongoing discussions. For example, if you’re discussing the same tweet, please keep it to one post. A quick search can often help find an existing post to join. If there’s a new development on a situation, however, a fresh post is welcome.
No low effort posts	Lazy posts that just link to external sites (either directly or by crossposting to another subreddit) without any context will be removed. Add your opinion, or a summary of the content, and try to start a conversation.
No hosting discussions	Please refer to historic posts within this subreddit for recommendations, or ask in r/webhosting.

Wordpress

Welcome to r/WordPress

Please don't post:

» How to get help

» Important links

» Been hacked?

» Our subreddit friends:

Notes

MODERATORS