WordPress Security Statistics
Real-time security stats from 500+ audited plugins and 200+ themes.
Overview
2,387
Plugins audited
0
Themes audited
179,727
Total findings found
180
Avg findings / plugin
Grade Distribution
How audited plugins score across WP HealthKit's A–F grading scale.
Key Insight
180
Average findings per WordPress plugin
Each finding represents a potential security issue, code quality violation, or compatibility problem identified by the 49-layer WP HealthKit audit engine.
Coding Standards Compliance
PHPCS compliance scores across all audited plugins. Higher is better.
100
Average coding standards score
100%
Scoring 90 or above
(1,000 plugins)
0%
Scoring below 50
(0 plugins)
What This Means
The average WordPress plugin carries 180 distinct findings — a mix of security vulnerabilities, coding standards violations, type-safety issues, and accessibility gaps. This does not mean every plugin is dangerous: many findings are low severity and easy to address. However, it does illustrate how much room for improvement exists across the ecosystem.
Grade distribution skews toward the middle: most plugins land in the B or C range, meaning they pass basic security checks but have meaningful code quality debt. Only a minority achieve the A grade, which requires near-zero critical findings, strong PHPCS compliance, and clean PHPStan output.
Coding standards scores below 50 are a red flag — they typically correlate with higher numbers of security findings and poor long-term maintainability. Plugins scoring 90 or above are generally well-maintained and actively updated by their developers.
How does your plugin compare?
Run a free 49-layer audit and see exactly where your plugin sits relative to the ecosystem averages.
Check your plugin