The 2021 Mid-Year WordPress Security Report is now publicly available. The joint Wordfence-WPScan whitepaper analyses the current Wordpress threat and vulnerability ecosystem.
Although just about all the stats in the report are centred around Wordpress, it’s a must-read for all website owners since many of the threats discussed are platform agnostic. Below are some of the key highlights of the whitepaper. While some of the figures below appear astronomical, it should be kept in mind that Wordpress now powers 42% of all major sites, or roughly 455 million sites.
Download the full report here.
Perhaps the most glaring conclusion is that attacks are on the rise. This isn’t just limited to the Wordpress ecosystem, but across various digital platforms and media. And yet, they all share mostly common drivers.
Ransomware attacks, for example, rose by 62% between 2019 and 2020. Given that companies are more inclined to pay the ransom, it’s seen as an easy opportunity for many threat actors.
While website attacks are more diverse in nature, they are typically also motivated by money - whether that’s selling your information back to the website owner, or selling it to other threat actors.
The other widely-cited reason for the increase in online attacks is attributed to the COVID-19 pandemic; with many people forced to work from home, there are more people on the internet and therefore more opportunities for threat actors to find new victims.
According to security firm, DOSarrest, 90% of all websites are vulnerable to attack. It’s obvious that website security should be a key consideration, but many website owners lack the technical expertise to safeguard their websites and servers to protect against threats. If that’s you, then you’re not alone. Skills shortages are common across the spectrum.
According to Statistica, the managed hosting market grew from 12.15 billion dollars in 2010 to 81 billion dollars in 2020, with enterprises typically opting for infrastructure/application monitoring and alerting, followed by disaster recovery.
If you’re a Storm Internet client, then you can start amping up your online security by checking your website and or server security report and activating security hardening features. If your server is managed by Storm then we’re automatically taking care of security with proactive monitoring, active patching, and updated firewall rules. We’re also taking care of disaster recovery, and actively work to keep your sites and servers online.
If you’re not a Storm client, keep an eye out for our next post where we’ll provide a few tips on finding a host that puts your security first.