Skip to content

WordPress vulnerabilities compared to Google, Apache, MySQL

Graph shows WordPress vulnerabilities are comparable to other major software producers

Vulnerabilities graph from WPWhiteSecurity.

We’re very aggressive about fixing vulnerabilities in our client’s WordPress websites. We monitor multiple security sites to make sure we stay informed so we can apply fixes as soon as possible.

Does that mean WordPress in inherently vulnerable? Is its reputation deserved? As the graph from the white-hat security firm WP White Security shows the answer to both questions is no. More popularity and more scrutiny means the flaws inherent in all large software projects are found more quickly. And can be fixed more quickly.

Here’s their take. It’s one I share:

What does the above mean? So far more vulnerabilities have been reported for Drupal and Google products than for WordPress, its plugins and themes. Apache is not far and MySQL server, one of the most widely used database server has had nearly 600 vulnerabilities so far. Yet no software got the same bad reputation as WordPress did; Google is still the number one search engine and their products are used by millions of people from all over the world. Apache is always the first or second most used web server in the world, competing with NginX.

Read the entire post at WP White Security

So if WordPress’s reputation is undeserved does this mean we can all go to sleep? Um, no. Just like you still probably want to lock your office door when you leave for the night you still want to keep all your web-based software up to date, backed up, and security scanned too. Not just WordPress but your server software too — your web server, your database software, your language processors, the works.

But want to know a secret? The WordPress community makes it pretty easy to keep your site safe and secure. While it can be a real toothache updating your server software (you’d be surprised how many hosting companies fall down on this job) WordPress has gone out of its way to make security updates public, available, and relatively simple to maintain. There are wonderful backup and security plugins, many of which also update themselves. And (not to blow our own horns or anything) there are countless companies large and small that can manage everything for you.

FacebooktwitterredditpinterestlinkedinmailFacebooktwitterredditpinterestlinkedinmail
Posted in

David Innes, RealBasics.com

I've been building and maintaining websites since 1997 and building and supporting similar hypertext-driven software since 1987. I've done maintenance, support, and maintenance for physical and digital systems since 1981.