Wordfence, the popular security plugin for WordPress, have released their State of WordPress Security Report 2022 with some key takeaways for 2023.
Most attacks in 2022 looked for an easy way in via reused credentials or by capitalizing on previous infections. Wordfence data indicates that this is becoming an increasingly viable option for attackers as unmaintained sites with infections become more common.
Each year, leaked passwords from data breaches become available to threat actors making it easier to gain access to unmaintained accounts.
Despite record numbers of vulnerabilities being disclosed and patched in the WordPress ecosystem, the vast majority of attacks in 2022 targeted vulnerabilities in practice and process, rather than in software.
Even attacks targeting specific vulnerabilities predominantly focused on obtaining site takeover on the few remaining vulnerable installations of plugins with easily exploitable critical flaws, rather than on the much larger number of newly discovered but more difficult to exploit vulnerabilities.
As such, the greatest threat to WordPress security in 2022 was neglect in all its forms. Keeping WordPress core, plugins, and themes up to date remains an important best practice.
WordPress Maintenance Plans
If you need help with updating a WordPress site visit our WordPress maintenance service page to give us an overview of your website and we’ll be in touch with a maintenance plan to fit your site.