Study Reveals Huge WordPress Security Issues

Blame is directed at WordPress plugins, which create major vulnerabilities, with many never getting patched.

WordPress may be one of the most popular website builders in the world, but a recent study found that it’s plagued with a wide range of substantial security vulnerabilities that never get patched.

With security breaches, ransomware attacks, and phishing scams becoming part of everyday life on the web, cybersecurity has never been more important to businesses around the world. Subsequently, the best website builders are expected to have the infrastructure to at least provide the basics when it comes to protecting its users.

Unfortunately, that does not appear to be the case at WordPress, as security flaws apparently run rampant throughout the popular website builder’s websites.

The State of WordPress Security

One of the best aspects of WordPress is that it allows for a wide range of plug-ins, which can customize the website and provide helpful functionality for businesses trying to attract customers, produce content, and generally engage online. Unfortunately, that’s one of the biggest downfalls for WordPress when it comes to security.

“Vulnerabilities from plugins and themes remain as one of the biggest threats to websites built on WordPress.”

According to the study from Patchstack, there has been a 150% increase in WordPress vulnerabilities since last year, which as researchers put it is “a significant increase.” Even worse, 29% of these vulnerable WordPress plug-ins are never patched, leaving the door open for some serious security problems.

29% 0f WordPress vulnerabilities are never patched

To be fair, though, WordPress is not technically the problem. The core platform for WordPress represents a mere 0.58% of security vulnerabilities. Unfortunately, the massive library of plug-ins is the downfall here, so if you want to stay secure, it’s best to avoid these tools if you can.

Is WordPress a Good Website Builder?

Despite the fact that 43.2% of all websites are powered by WordPress, our research shows that it doesn’t offer much compared to its competitors. Unless you’re interested in a blogging site, which we’ll admit WordPress is great for, this website builder isn’t ideal for any business.

For one, it’s customizability is limited and, according to this research, comes at a price as far as security is concerned. Additionally, the overall functionality for design, ecommerce, and analytics is severely lacking compared to competitors like Wix and Shopify.

If you’re interested in getting a website builder for your business, we’ve done a whole bunch of research to help you choose. Take a look at the table below and visit our best website builders guide to make the decision even easier.

0 out of 0
Overall Score
All research categories, condensed into one score
Paid plan
Number of templates











$29/month $1 for first month


$4/month (first 3 years)

Over 900




Over 150

Over 180

Over 8,000

Over 200


  • Unrivaled selection of website features
  • AI features can create site in 60 seconds
  • Quality free plan available
  • Easiest website builder to use
  • Plenty of content-focused features
  • Integrates with Acuity for booking and appointments
  • Vast selection of integrations and apps
  • Robust customer support options
  • Excellent AI features to craft content
  • AI generated websites in two steps (30 seconds)
  • Prompt customer support responses
  • Free plan available
  • AI generated site in three steps (60 seconds)
  • Built-in heatmap for advanced site analytics
  • Language translations capabilities
  • Speedy set up
  • Decent ecommerce features
  • Brilliant for bloggers
  • Easy to set up
  • Large and helpful user community
  • Personal consultant for support
  • Top tier site speed
  • Supports content in 62 languages
  • ADI functionality
  • Best cost per feature option
  • Dedicated mobile editor view
  • No template switching once published
  • Number of features can be overwhelming
  • Steep price increase for scaling businesses
  • Limited language support
  • Poor variation between AI generated sites
  • Performed poorly on site speed tests
  • Messy interface between back and front end
  • No free domain
  • Short 3-day free trial
  • No mobile website editor
  • Overly generic website design
  • No app market
  • No app market
  • No email marketing
  • No free trial or free plan
  • Dull templates
  • Confusing navigation
  • Not the best choice for ecommerce
  • Slightly inflexible editor
  • No app market
  • No blogging functionality
  • No free trial or free plan
  • No blog functionality
  • Limited SEO features
  • No internal marketing capabilities
Did you find this article helpful? Click on one of the following buttons
We're so happy you liked! Get more delivered to your inbox just like it.

We're sorry this article didn't help you today – we welcome feedback, so if there's any way you feel we could improve our content, please email us at

Written by:
Conor is the Lead Writer for For the last six years, he’s covered everything from tech news and product reviews to digital marketing trends and business tech innovations. He's written guest posts for the likes of Forbes, Chase, WeWork, and many others, covering tech trends, business resources, and everything in between. He's also participated in events for SXSW, Tech in Motion, and General Assembly, to name a few. He also cannot pronounce the word "colloquially" correctly. You can email Conor at
Explore More See all news
Back to top
close Step up your business video conferencing with GoToMeeting, our top rated conferencing app – try it free for 14 days Try GoToMeeting Free