In the run-up to the new General Data Protection Regulation (GDPR), new data shows that 86.5% of WordPress websites in the UK are vulnerable to known hackable exploits.

With GDPR now only a month away, businesses across Europe are gearing up for what will potentially be one of the biggest shifts in data privacy laws since the 2003 CAN-SPAM Act.

Businesses will face fines of up to €20 million if they do not comply with the new legislation and processes that ultimately put users in control of who stores their personal data, and how and where it is stored.

A key part of GDPR is a business's responsibility to secure customer data and websites to prevent data breaches, phishing, and other forms of malicious online activity.

Estimates show that WordPress is used by 25–40% of the internet, depending on which source you read. Given its widespread popularity and usage, it is a prime target for hackers.

In a recent research study[1], cybersecurity monitoring platform CyberScanner[2] scanned 93,930 WordPress websites and 9,834 WooCommerce websites based in the UK and found that on average 80.7% contained at least one known, hackable exploit that can be deemed a severe security risk.

Some of the most common known vulnerabilities scanned for included cross-site scripting (XSS), SQL injection, cross-site request forgery (CSRF), and SSL certificate problems.

The worst-offending WordPress website had a total of 23 separate high-risk known vulnerabilities, among other exploits classified as medium and low risk.

Securing your WordPress website

There are more than 100,000 known vulnerabilities that can be exploited by hackers to extract customer data, plant crypto-mining software, or even set up hidden form fields to steal
