Don’t Take Our Word for It: Why You Should Take WordPress Security Seriously

Learn why you should run regular WordPress scans and basic practices to implement now.

When Matt Mullenweg and Mike Little set out to build a new platform on top of the b2/cafelog blogging tool after it was discontinued, they probably didn’t know that they were starting a journey that would eventually benefit millions of users around the globe, or that a whole industry of thousands of developers, designers, writers, bloggers, and web publishers would make their living off it.

WordPress is a free, open-source website creation platform. On a more technical level, WordPress is a content management system (CMS) written in PHP that uses a MySQL database. Known for its ease of use, WordPress is a popular website builder for small and medium-sized businesses. Today, WordPress powers 43% of all the websites on the Internet, including those without a CMS or with a custom-coded CMS. Or to put it another way, WordPress powers over one-third of the web (that’s according to W3Techs).

Why run WordPress vulnerability scans?

Let’s face it, hackers are getting more sophisticated and more aggressive, evidenced by the rising number of small and medium-sized businesses that are falling victim to cyber attacks—two out of every three last year, according to one study.[1] Trava’s automated assessments that check for vulnerabilities in external and internal environments predict how hackers might get into a system, informing better defenses against cyber threats. And with WordPress as prevalent as it is, that is an important scan to run.

Not convinced? One example of a major hack on WordPress occurred recently, in December 2021, when an active attack targeting over a million WordPress sites was uncovered. To put a brighter spotlight on it, 1.6 million WordPress sites were hit with 13.7 million attacks in 36 hours from 16,000 IPs.[2]

The news gets worse. The number of new vulnerabilities has been increasing steadily since WordPressScan first started tracking in 2014. As of April 14, 2021, WordPressScan reported an additional 4,400.[3]

What will WordPress users uncover from running WordPress scans?

How frequently should you run WordPress vulnerability scans? 

Monthly and whenever your website is updated. WordPress sites are regularly updated, and with each update comes potential for a new set of security holes.

WordPress Cyber Hygiene Practices

In addition to regular scans, here are some basic guidelines for cyber security that you can implement now.

Regular updates, vulnerability scans, and basic cyber hygiene practices can help find changes that you, WordPress, or your website hosting service have made that can leave your website vulnerable to security threats.

To learn more about vulnerability scans—including a description of each scan type, key insights learned from each scan, and recommended frequency for running each scan—download Trava’s Complete Guide to Vulnerability Scan Types.



[1] 2018 State of Cybersecurity in Small and Medium-Sized Businesses report, Ponemon Institute, LLC, November 2018

[2] Chamberlain, Chloe, 1.6 Million WordPress Sites Hit With 13.7 Million Attacks In 36 Hours From 16,000 IPs, Wordfence, Dec 9, 2021. Retrieved Mar 18, 2022

[3] O’Driscoll, Amy, 25+ cyber security vulnerability statistics and facts of 2021, Comparitech, 14 April 2021. Retrieved 19 July 2021