A good rule of thumb based on what we have seen over the years is that stats on security are probably not accurate. So it isn’t surprising that when we looked into a claim by a company named Imperva that WordPress vulnerabilities tripled in 2018, it was a mess, but that hasn’t stopped security journalists from repeating the claim.

When we ran across the claim our first question was what the source of their data was and looking at Imperva’s post they only give a vague explanation: [Read more]