I looked and looked because I really wanted to see if this was the first full year WordPress Threat Report – and it looks like it is, it would be interesting if Wordfence could time machine some of this to see year-over-year changes in the volumes and types of WordPress attacks.

This report has some shockingly high numbers! B I L L I O N S!

• 90 Billion Malicious WordPress Login Attempts
• 4.3 Billion Vulnerability Exploit Attempts Targeting WordPress

The most interesting and frankly preventable threat outlined in the report is Nulled Plugins: “Overall, the Wordfence scanner found malware originating from a nulled plugin or theme on 206,000 sites, accounting for over 17% of all infected sites. Nulled plugins and themes are pirated copies of premium plugins and themes with their license checking features disabled or removed, which typically contain backdoor functionality.”