Skip to main content
WP HealthKit
Live Data

WordPress Security Statistics

Real-time security stats from 500+ audited plugins and 200+ themes.

Overview

2,387

Plugins audited

0

Themes audited

179,727

Total findings found

180

Avg findings / plugin

Grade Distribution

How audited plugins score across WP HealthKit's A–F grading scale.

A
Grade A617 plugins — 62%
B
Grade B232 plugins — 23%
C
Grade C92 plugins — 9%
D
Grade D59 plugins — 6%

Key Insight

180

Average findings per WordPress plugin

Each finding represents a potential security issue, code quality violation, or compatibility problem identified by the 49-layer WP HealthKit audit engine.

Coding Standards Compliance

PHPCS compliance scores across all audited plugins. Higher is better.

100

Average coding standards score

100%

Scoring 90 or above

(1,000 plugins)

0%

Scoring below 50

(0 plugins)

What This Means

The average WordPress plugin carries 180 distinct findings — a mix of security vulnerabilities, coding standards violations, type-safety issues, and accessibility gaps. This does not mean every plugin is dangerous: many findings are low severity and easy to address. However, it does illustrate how much room for improvement exists across the ecosystem.

Grade distribution skews toward the middle: most plugins land in the B or C range, meaning they pass basic security checks but have meaningful code quality debt. Only a minority achieve the A grade, which requires near-zero critical findings, strong PHPCS compliance, and clean PHPStan output.

Coding standards scores below 50 are a red flag — they typically correlate with higher numbers of security findings and poor long-term maintainability. Plugins scoring 90 or above are generally well-maintained and actively updated by their developers.

How does your plugin compare?

Run a free 49-layer audit and see exactly where your plugin sits relative to the ecosystem averages.

Check your plugin