Research: WordPress in the Czech Republic (April)

Hi,

I did complex research on the Czech WordPress environment last month. I found and analyzed 65,000 WP sites and tried to determine their versions, the themes and plugins they use, and much more.

The data relate to the Czech Republic, but I think the situation is very similar in other countries.


That’s great, @smitka. Feel free to post more info here about what you found, so we can discuss it. :slight_smile:

Some points from my research:

56% of Czech WP sites are using version 3.9+. On the other hand, 4% of sites are using version 2 and lower. I did the analysis just before the tsunami of WP updates, unfortunately…


11% of sites are using the default template. Other popular templates are Avada (premium), Graphene, Responsive, Enfold (premium) and Vantage.

The most popular plugins are All in One SEO Pack (28% of sites use it), Contact Form 7 (25%), Nextgen Gallery (16%), YARRP (4%) and Slider Revolution (4%).

In the case of Slider Revolution, more than 20% of sites are using a version containing a serious vulnerability.

6% of sites are using one of the security plugins; the most popular is iThemes Security.

Apache is the most common HTTP server (78%); the second is nginx (18%).

PHP 5.3 is still the most popular version (unsupported since August 2014).

Almost nobody is using HTTPS with a valid certificate for their domain (0.24%).

55% aren’t using Google Analytics; 27% are still using the old GA code.

Images represent 58% of the homepage size, JavaScript 30% (I didn’t expect such a high number).

The size of images is the most common problem according to Google PageSpeed - I found some sites with more than 70MB of images on their homepage.

Distribution of the PageSpeed scores:


The dominant WP web host in the Czech Republic is the company WEDOS (low costs, good marketing).


Interesting. Do you draw any conclusions from all this? Obviously the message about keeping sites lean is not necessarily getting through. :slight_smile:

First, I will try to contact the creators and owners of vulnerable sites and give them information on how to repair their sites. I did a similar action on a smaller scale before my speech about security at WordCamp Prague - it was pretty successful, more than a hundred sites were patched.

I will also share the main points of my research at the Community WordPress conference in Prague next month. Keeping WordPress updated isn’t hard in many cases.

The first step in solving a problem is to recognize that it does exist.

Cool. Do you have any advice for WordPress users who visit here?

Updates are crucial in the open-source CMS world :smile:

I recommend using WP Updates Notifier or some dashboard for managing multiple sites (Infinite WP, ManageWP, iThemes Sync).

I also translated and uploaded slides from my WordCamp speech to slideshare (consider it as a beta version, there may be many grammar mistakes):
http://www.slideshare.net/vsmitka/wordpress-security-for-everone


I usually say there are 5 basic rules to keep WP safe:

  1. Update
  2. Backup
  3. Use a security plugin
  4. Be careful
  5. Delete unnecessary and don’t reveal sensitive information

Update
As I wrote above, using a dashboard to manage all your WordPress installations is good practice. It is possible to configure WP to auto-update themes and plugins, but there is a risk it breaks something. So I prefer an “updates available” notification. You can use the WP Updates Notifier mentioned above.

Backup
Backup Buddy is the best backup plugin I know; there are some free alternatives, e.g. BackWPup. I administer our servers myself, so I prefer server-side backups.

Security plugins
iThemes Security or Wordfence can greatly strengthen security. iThemes Security is focused on prevention; there are many options to hide sensitive data and filter strange traffic out. Wordfence relies mainly on active protection - it detects and blocks bots and badly behaving users. I recommend Wordfence + .htaccess generated from iThemes Security for sites with higher traffic :smile: Wordfence can also notify you about new updates.

Be careful
Connecting from unknown networks isn’t a good idea :slight_smile: Using good antivirus software is also a good idea. There are many “phishermen” trying to cheat you by mail.

Delete unnecessary and hide sensitive info
It is a good idea to delete all unused plugins and themes. They can contain bugs even if they are not activated. Comments are disabled on many sites, but many users didn’t delete the default content (sample page, hello world post) - comments on these pages are usually enabled, so there is an opportunity for spammers. Your WP version and usernames are information that the world should not know.

You can read full article about my research on our blog.
