ThreatSpot WordPress Security Index

A monthly score tracking how well small-business WordPress sites follow modern security best practices.

40
out of 100
70960 sites 110013 scans Last 30 days

Updated June 20, 2026 Cached 2026-06-20T14:01:28.476433

Grade Distribution
A
0.3%
350
B
1.8%
1937
C
18.5%
20384
D
27.7%
30447
F
43.3%
47657
Category Pass Rates
Check Pass Rate
SSL/TLS Config 6.9%
Security Headers 0.3%
CSP Policy 0.0%
Cookie Security 87.7%
Mixed Content 79.3%
Server Banner 1.3%
Version Exposure 69.3%
TLS Protocols 96.1%

How does your site compare?

Run a free security scan to see your score vs the global average.

Run a Free Scan
Methodology

The ThreatSpot WordPress Security Index is the average security score across all scans performed in the last 30 days. Each site is scored 0–100 based on:

  • SSL/TLS configuration — valid certificate, HSTS, modern TLS version
  • Security headers — CSP, X-Frame-Options, X-Content-Type-Options, Referrer-Policy
  • Cookie security — Secure flag, SameSite, HttpOnly
  • Server version disclosure — whether version info is exposed
  • Mixed content — HTTP resources on HTTPS pages
  • Known vulnerable plugins — cross-referenced with NVD, CISA KEV, and EPSS data

All data is anonymized and aggregated. No individual site data is exposed. The sample focuses on small-business WordPress sites.