I looked and looked because I really wanted to see if this was the first full year WordPress Threat Report – and it looks like it is, it would be interesting if Wordfence could time machine some of this to see year-over-year changes in the volumes and types of WordPress attacks.


This is sweet and simple, load WordPress sites in as fast as 37ms with Cloudways!


This report has some shockingly high numbers! B I L L I O N S!

  • 90 Billion Malicious WordPress Login Attempts
  • 4.3 Billion Vulnerability Exploit Attempts Targeting WordPress

The most interesting and frankly preventable threat outlined in the report is Nulled Plugins: “Overall, the Wordfence scanner found malware originating from a nulled plugin or theme on 206,000 sites, accounting for over 17% of all infected sites. Nulled plugins and themes are pirated copies of premium plugins and themes with their license checking features disabled or removed, which typically contain backdoor functionality.”

Subscribe to the daily-ish #MorningCoffee today.