WordPress Security Statistics
Real-time security stats from 500+ audited plugins and 200+ themes.
Overview
Plugins audited: 16
Themes audited: 0
Total findings found: 7,138
Avg findings / plugin: 14
Grade Distribution
How audited plugins score across WP HealthKit's A–F grading scale.
Key Insight
Average findings per WordPress plugin: 14
Each finding represents a potential security issue, code quality violation, or compatibility problem identified by the 46-layer WP HealthKit audit engine.
Coding Standards Compliance
PHPCS compliance scores across all audited plugins. Higher is better.
Average coding standards score: 0
Scoring 90 or above: 0% (0 plugins)
Scoring below 50: 0% (0 plugins)
What This Means
The average WordPress plugin carries 14 distinct findings — a mix of security vulnerabilities, coding standards violations, type-safety issues, and accessibility gaps. This does not mean every plugin is dangerous: many findings are low severity and easy to address. However, it does illustrate how much room for improvement exists across the ecosystem.
Grade distribution skews toward the middle: most plugins land in the B or C range, meaning they pass basic security checks but have meaningful code quality debt. Only a minority achieve the A grade, which requires near-zero critical findings, strong PHPCS compliance, and clean PHPStan output.
Coding standards scores below 50 are a red flag — they typically correlate with higher numbers of security findings and poor long-term maintainability. Plugins scoring 90 or above are generally well-maintained and actively updated by their developers.
How does your plugin compare?
Run a free 46-layer audit and see exactly where your plugin sits relative to the ecosystem averages.