2023 WordPress Maintenance: Critical Issues in Security and Performance

by | Dec 4, 2023 | WordPress | 0 comments

As we wind up 2023, WordPress maintenance has become more important than ever before. It’s helpful for WordPress site owners to look back and see how their websites have performed. Looking at security, performance, and maintenance are all useful exercises to help determine improvements for the following year and beyond.

I’ve pulled together some useful 2023 WordPress maintenance statistics and summarized them below. Use these for your decision-making and for helping supervisors, managers, and C-Suite executives in their decision-making as well.

What are the key 2023 WordPress maintenance, security, and performance statistics?

2023 WordPress Maintenance: Critical Issues in Security and Performance 1
  • WordPress has a market share of 63.5% considering the websites whose CMS is known, indicating a growth of more than 10% over the years.
  • WordPress continues to be the fastest-growing CMS since 2014. It is used by 45.8% (around 810 million) of all websites on the internet, representing an increase from 43.2% in 2022.
  • WordPress vulnerabilities rose in 2023. In the first half of 2022, WPScan recorded 1,779 new vulnerabilities across WordPress plugins, themes, and core. In the first half of 2023, Wordfence identified 2,587 new vulnerabilities in the database, with 2,497 in WordPress plugins, 84 in WordPress themes, and 6 in WordPress core.
  • The number of vulnerabilities disclosed in the first half of 2023 was significant, with approximately 26% (678 vulnerabilities) considered unpatched. The highest number of vulnerabilities was in February and the lowest in June.
  • Approximately 90% of WordPress vulnerabilities were plugin vulnerabilities, 6% were theme vulnerabilities, and 4% were core software vulnerabilities.

What percentage of WordPress sites have vulnerable code right now?

A study released in June 2023 found that 61% of SMBs in the US and UK were successfully hit by a cyberattack in the past year, and 43% of all data breaches are against SMBs. 46% of cyber attacks target small businesses with 1,000 or fewer employees.

What percentage of businesses nearly faced bankruptcy after a cyber attack?

A 2022 report by Hiscox, a global insurance company, stated that a fifth of US and European businesses have warned that a serious cyber-attack nearly left them bankrupt, with over 87% viewing compromise as a bigger threat than an economic downturn.

What is the average cost in 2023 of a data breach for businesses with fewer than 500 employees?

According to a report by IBM and the Ponemon Institute, the average cost of a data breach for businesses with fewer than 500 employees is $2.98 million in 2023. This cost reflects the financial impact of a data breach, including expenses related to the incident and its damages.

How many vulnerabilities were disclosed in WordPress-related plugins, themes, and the core WordPress platform in 2023?

The number of vulnerabilities disclosed in WordPress-related plugins, themes, and the core WordPress platform in 2023 varies over time. For example, a report from November 8, 2023, indicated that 56 total vulnerabilities emerged in public disclosure, including 37 plugin vulnerabilities and 3 in themes that had security patches available, along with 16 plugin vulnerabilities with no patch available yet.

What are the most common security threats to WordPress sites in 2023?

The most common security threats to WordPress sites in 2023 include:

  1. Vulnerable Plugins and Themes: Vulnerable plugins not updated by site owners are the most common vector for attacks on WordPress websites.
  2. Brute Force Attacks: These attacks involve automated attempts to guess the username and password to gain unauthorized access to a site.
  3. Cross-Site Scripting (XSS): This type of attack injects malicious scripts into web pages viewed by other users.
  4. SQL Injection Attacks: These attacks involve the insertion of a SQL query via the input data from the client to the application.
  5. Sensitive Data Exposure: This occurs when an application reveals sensitive information, such as passwords or personal data, to an attacker.
  6. Cross-Site Request Forgery (CSRF): This attack forces an end user to execute unwanted actions on a web application in which they’re currently authenticated.
  7. Outdated Software: Running outdated versions of WordPress, plugins, or themes can leave a site vulnerable to known security issues.

What can I do to reduce the risks and costs associated with WordPress vulnerabilities?

You can go the Do-It-Yourself (DIY) route and attempt to make the regular plugin, theme, and core code updates by either doing them manually or enabling auto-updating features on your live site. The upside is that you can be in charge of your site’s destiny and avoid paying a professional to do this work. The downside is that when an update inevitably breaks your site you will need to troubleshoot to find the root cause of the issue, perform a restore from backup (if you have one), or turn to a WordPress professional to have the site fixed.

You can also proactively hire a WordPress professional who will back up your site, test the updates on a development or staging version of your site, and then deploy the updates to the live site. The downside is that your website budget will need to be increased a bit to accommodate the cost of outsourcing this critical task. The upside is that you can treat that cost as an investment or insurance and then allocate your time, and the time of your developers, to more important revenue-generating work.

WordPress maintenance cycle

Gone are the days of clicking “Update” and hoping for the best. Let Webidextrous manage your maintenance. We’ll give you back your time and peace of mind.

More Information

The following two tabs change content below.
Rob Watson is the CEO of Webidextrous, a web consultant, and a developer. Beginning in 1996 as a self-taught web designer, he has created websites for everyone from small business owners to multi-national companies. He is the co-organizer of the West Orlando WordPress Meetup and a WordCamp speaker.


Submit a Comment

Your email address will not be published. Required fields are marked *



  • Web Design (10)
  • WordPress (10)
  • Hosting (7)
  • Search Engine Optimization (7)
  • Social Media (7)
  • Customer Service (6)
  • Digital Advertising (4)
  • Website Performance (4)
  • Website Security (4)
  • Accessibility (3)
  • Reset


  • wordpress (17)
  • web design (10)
  • SEO (7)
  • customer service (6)
  • security (6)
  • social media (6)
  • digital advertising (4)
  • hosting (4)
  • pricing (4)
  • reputation management (4)
  • Reset

post author

  • Rob Watson (102)
  • Matt Lee (1)
  • Reset

post type

  • post (73)
  • page (30)
  • Reset