WordPress Version Survey
A while ago I saw the blog version survey at BlogSecurity.net and got an idea to do my own. The previous survey is more than 8 months old and several new WordPress version have been released since then, so I think a new study is in order 🙂
I collected a large list of WordPress blogs by searching for common WP footprints on Google. Then I used a simple PHP script to determine what version of WordPress they were running. After filtering out invalid results and blogs that hide their version info, I arrived at a list of 1331 WordPress blogs to use in this survey.
The results are displayed below.
WordPress Version Popularity (Summary)
| Version | Blogs | % |
|---|---|---|
| WordPress 2.4 – 2.5 | 23 | 1,7% |
| WordPress 2.3.x | 772 | 58,0% |
| WordPress 2.2.x | 246 | 18,5% |
| WordPress 2.1.x | 103 | 7,7% |
| WordPress 2.0.x | 126 | 9,5% |
| WordPress 1.5.x | 26 | 2,0% |
| Other | 35 | 2,6% |
As you can see, around 40% of the surveyed blogs still use versions older than the 2.3.x branch. This is dangerous, because there are many known vulnerabilities and exploits for old versions of WP.
Below is a more detailed table for those who aren’t satisfied with the above summary.
Detailed WordPress Version Data
| Version | Blogs |
|---|---|
| WordPress/2.5-beta1 | 7 |
| WordPress/2.4-bleeding | 1 |
| WordPress 2.5-beta1 | 9 |
| WordPress 2.4-bleeding | 6 |
| WordPress 2.3.3 | 402 |
| WordPress 2.3.2 | 170 |
| WordPress 2.3.1 | 160 |
| WordPress 2.3 | 40 |
| WordPress 2.2.3 | 36 |
| WordPress 2.2.2 | 60 |
| WordPress 2.2.1-RC2 | 2 |
| WordPress 2.2.1 | 74 |
| WordPress 2.2 | 74 |
| WordPress 2.1.3 | 34 |
| WordPress 2.1.2 | 31 |
| WordPress 2.1.1 | 5 |
| WordPress 2.1 | 33 |
| WordPress 2.0.9 | 2 |
| WordPress 2.0.7 | 7 |
| WordPress 2.0.6 | 5 |
| WordPress 2.0.5 | 24 |
| WordPress 2.0.4 | 23 |
| WordPress 2.0.3 | 10 |
| WordPress 2.0.2 | 31 |
| WordPress 2.0.11 | 3 |
| WordPress 2.0.10 | 4 |
| WordPress 2.0.1 | 4 |
| WordPress 2.0 | 12 |
| WordPress 2 | 1 |
| WordPress 1.5.3-beta1 | 2 |
| WordPress 1.5.2 | 12 |
| WordPress 1.5.1.3 | 4 |
| WordPress 1.5.1.2 | 1 |
| WordPress 1.5 | 7 |
| WordPress 1.2.2 | 1 |
| WordPress 1.2.1 | 1 |
| WordPress 1.2-beta | 1 |
| WordPress 1.2 | 3 |
| WordPress 1.0.2 | 1 |
| WordPress* | 28 |
* Blogs that didn’t disclose a version number; just “WordPress”.
Related posts :
Subscribe via RSS
Get Updates by Email
Please correct me if I’m wrong, but WordPress 2.0.11 (the “legacy” version) is stable and is still considered to be safe to use.
I haven’t seen any exploits targeted at that version specifically, but something like this might still apply in certain cases.
Anyway, I’m not a WP security expert 😉