There have been a lot of posts lately talking about how secure WordPress core is and how so few vulnerabilities have been reported over the last few years. WPEngine had one that became very popular a few months ago and I’ve seen numerous others. I’ve even written myself on how WordPress problems are not necessarily in the code but are instead a result of education and the human element of WordPress.
That said, WPDaily has an infographic this morning talking about WordPress security where they list a full 32% of WordPress vulnerabilities as being in core and 40% in plugins and themes. While I don’t have the time to really look into this claim this morning I still find their numbers quite intriguing especially coming on the back of WordPress 3.5.2 which patched seven vulnerabilities itself.
So which is it? Is WordPress secure or isn’t it? Considering my plugin I’m not going to elaborate on my thoughts. I’m more interested in what you think. Lets talk about it in the comments below.