I looked and looked because I really wanted to see if this was the first full year WordPress Threat Report – and it looks like it is, it would be interesting if Wordfence could time machine some of this to see year-over-year changes in the volumes and types of WordPress attacks.


Sponsor: There’s a reason Sprout Invoices is the best rated invoicing plugin for WordPress — it’s the most fully featured solution with the highest regarded support available.


This report has some shockingly high numbers! B I L L I O N S!

  • 90 Billion Malicious WordPress Login Attempts
  • 4.3 Billion Vulnerability Exploit Attempts Targeting WordPress

The most interesting and frankly preventable threat outlined in the report is NulledPlugins: “Overall, the Wordfence scanner found malware originating from a nulled plugin or theme on 206,000 sites, accounting for over 17% of all infected sites. Nulled plugins and themes are pirated copies of premium plugins and themes with their license checking features disabled or removed, which typically contain backdoor functionality.”

Subscribe to the daily-ish #MorningCoffee today.