Over the last few weeks we've had a number of fantastic independent reports on WordPress security, WordPress professionals, and more. So, with great apologies to Mark Halperin's Wide World of News and his occasional What That Loudmouth Will Still Say on Your Morning Zoom, here is my attempt: What That Slack Slacker Will Say.
Patchstack, State of WordPress Security in 2022:
What that Slack slacker will say: WordPress is great, we are on top of securing 50%; can you imagine any other open source project with this much exposure still being secure!
What the enterprise Slack slacker will say: How the heck can I trust mission-critical services and solutions to an ever-growing target without breaking the bank?
What you should Slack: Move security outside of WordPress. With trivial points of entry via plugins, you'll never be able to stop exploits in-app. External threat mitigation gives builders the freedom they need to work with WordPress, while true security experts focus on the actual problems.
Synopsys, 2023 Open Source Security and Risk Analysis Report (PDF):
What that Slack slacker will say: If only the rest of the stack could be as secure as WordPress.
What the enterprise Slack slacker will say: Great, now I'm spending even more money and getting less sleep.
What you should Slack: Almost half of the vulnerabilities in this report (47%) are related to jQuery! PHP has fantastic numbers, except that when it does get exploited you wind up with high-risk vulnerabilities.
Jason Nickerson, Exploring the 2023 Open Source Security and Risk Analysis Report: Key Insights and Implications for Businesses, takes a quick look at the report as well, "Open source software is at an all-time high with projects like WordPress, which now powers over 43% of the internet. However, with the widespread adoption of open source comes new security and compliance risks."
Survey Says
OpenLogic, 2023 State of Open Source Report:
What that Slack slacker will say: The Democratization of the Web is real!
What the enterprise Slack slacker will say: If one more department secretly deploys a WordPress site without going through IT, we're going to turn off the internet.
What you should Slack: I'm always surprised that we report any number less than 100%. Open source is embedded in literally everything, from your mobile devices, to SaaS platforms that are integrated with proprietary solutions. We are missing the forest for the trees.
Specifically for professionals, The Admin Bar, WordPress Professional Report:
What that Slack slacker will say: I'm in a lot of company with my WordPress side gig, that's cool.
What the enterprise Slack slacker will say: Yes, I've viewed the Airtable and know it's a small sample size, but how can I trust mission-critical enterprise business to agencies and professionals who can't clear six figures in income?
What you should Slack: WordPress professionals are selling themselves short! Around 65% are charging less than $5,000 for a website, 55% have profit margins below 40%, and worst of all, 42% never charge for discovery!
Please let me know on the socials or by email whether you enjoyed the Slack slacker and whether it's worth having this discussion with myself again in the future.