Study Reveals Huge WordPress Security Issues

Blame is directed at WordPress plugins, which create major vulnerabilities, with many never getting patched.

WordPress may be one of the most popular website builders in the world, but a recent study found that it's plagued with a wide range of substantial security vulnerabilities that never get patched.

With security breaches, ransomware attacks, and phishing scams becoming part of everyday life on the web, cybersecurity has never been more important to businesses around the world. Subsequently, the best website builders are expected to have the infrastructure to at least provide the basics when it comes to protecting its users.

Unfortunately, that does not appear to be the case at WordPress, as security flaws apparently run rampant throughout the popular website builder's websites.

The State of WordPress Security

One of the best aspects of WordPress is that it allows for a wide range of plug-ins, which can customize the website and provide helpful functionality for businesses trying to attract customers, produce content, and generally engage online. Unfortunately, that's one of the biggest downfalls for WordPress when it comes to security.

“Vulnerabilities from plugins and themes remain as one of the biggest threats to websites built on WordPress.”

According to the study from Patchstack, there has been a 150% increase in WordPress vulnerabilities since last year, which as researchers put it is “a significant increase.” Even worse, 29% of these vulnerable WordPress plug-ins are never patched, leaving the door open for some serious security problems.

29% 0f WordPress vulnerabilities are never patched

To be fair, though, WordPress is not technically the problem. The core platform for WordPress represents a mere 0.58% of security vulnerabilities. Unfortunately, the massive library of plug-ins is the downfall here, so if you want to stay secure, it's best to avoid these tools if you can.

Is WordPress a Good Website Builder?

Despite the fact that 43.2% of all websites are powered by WordPress, our research shows that it doesn't offer much compared to its competitors. Unless you're interested in a blogging site, which we'll admit WordPress is great for, this website builder isn't ideal for any business.

For one, it's customizability is limited and, according to this research, comes at a price as far as security is concerned. Additionally, the overall functionality for design, ecommerce, and analytics is severely lacking compared to competitors like Wix and Shopify.

If you're interested in getting a website builder for your business, we've done a whole bunch of research to help you choose. Take a look at the table below and visit our best website builders guide to make the decision even easier.

0 out of 0
Paid plan
Best for
Number of templates
Overall score based on features, value, support, ease of use, and customer score
Try it Today

$8.99 per month
$2.61 per month with code “TECH” (Up to 71% off + 3 free months)

$14 per month

$4 per month

Best overall website builder

Best for growing businesses

Best for setting up quickly

Best for larger ecommerce businesses

Best for businesses on a budget

Best for beginners

Best for well-rounded, comprehensive websites

Best for ease of use

Best for a blog or publishing site

Best for multilingual sites

Over 800







Over 100



  • Great templates
  • Friendly onboarding experience
  • Advanced business functionality like CRM
  • SEMRush integration for keyword SEO support
  • Email and social marketing tools
  • Best knowledge center available
  • Robust analytics features
  • Quick, efficient website building
  • Easy to use SEO guidance
  • Plenty of must-have features built-in
  • Plenty of apps
  • Good multi channel integration
  • Fast server response time
  • Robust free plan
  • Great for beginners
  • Lots of SEO guidance
  • Very affordable platform
  • Easy to use with simple grid layout
  • Advanced features like heatmap and logo maker
  • Much easier to use than average website builder
  • Templates cover all industries
  • Ideal for web design businesses
  • ADI functionality
  • Best cost per feature option
  • Dedicated mobile editor view
  • Brilliant for bloggers
  • Easy to set up
  • Large and helpful user community
  • International growth features built-in
  • Quickest server response team
  • Best mobile site speed performance
  • Relatively slow server response time
  • Not the most intuitive platform
  • Slower site speed
  • No advanced customization options
  • Limited customization options
  • Website design is quite restrictive
  • Basic SEO features
  • Design is more restrictive, less intuative than other builders
  • High transaction fee if not using Shopify Payments
  • A bit outdated design-wise
  • Few platform updates
  • Worst server response time
  • No app store
  • Limited marketing features
  • Little onboarding help at setup
  • Limited support on non-premium plans
  • More expensive than competitors
  • Few internal marketing features
  • No blog functionality
  • Limited SEO features
  • No internal marketing capabilities
  • Not the best choice for ecommerce
  • Slightly inflexible editor
  • No free plan or trial
  • Limited customization
  • Few advanced marketing features
Written by:

Conor is the Lead Writer for For the last six years, he’s covered everything from tech news and product reviews to digital marketing trends and business tech innovations. He's written guest posts for the likes of Forbes, Chase, WeWork, and many others, covering tech trends, business resources, and everything in between. He's also participated in events for SXSW, Tech in Motion, and General Assembly, to name a few. He also cannot pronounce the word "colloquially" correctly. You can email Conor at

Explore More See all news
close Step up your business video conferencing with GoToMeeting, our top rated conferencing app – try it free for 14 days Try GoToMeeting Free