Informe de Inteligencia sobre Amenazas de WordPress: Análisis del T4 2025
Este es un resumen del artículo. Si necesitas contexto adicional, aquí tienes el enlace original: https://www.wordfence.com/blog/2026/02/quarterly-wordpress-threat-intelligence-report-q4-2025/
As the leader in WordPress security, Wordfence provides unparalleled security coverage that fully encompasses protection, active monitoring, detection, and response all built around our threat intelligence, demonstrating a strong commitment to security. Our mission is to ensure comprehensive defense-in-depth for every layer of a WordPress website’s security.
It’s important to understand that a complete security solution requires both protection and detection; while protection is crucial for preventing initial compromises, detection is equally vital for a wholesome WordPress site security strategy.
There’s a Wordfence Option for Every Site Owner
There’s a Wordfence Option for Every Site OwnerWhether you run a personal blog or manage hundreds of client websites, Wordfence has a plan tailored to your needs:
Wordfence Free – Industry-leading Web Application Firewall (WAF) blocking 95% of known threats out of the box, malware scanning, Two-Factor Authentication (2FA), and more. 30-day delay on malware signatures and new firewall rules.
Wordfence Premium – Real-time firewall and malware signature updates, plus powerful tools like an audit log for deeper insight and monitoring.
Wordfence Care – Around-the-clock monitoring by our team, hands-on remediation if something goes wrong, and priority support for true peace of mind.
Wordfence Response – All the benefits of Wordfence Premium and Care with one hour response times for immediate remediation of security breaches.
This regular report highlights trends and changes in the WordPress security landscape, empowering you as a site owner to proactively protect your website against current vulnerabilities and threats, and to better understand the protections Wordfence provides through it’s robust threat intelligence.
Table of Contents
Threat Intelligence Key Highlights Q4 2025
As the industry leader in WordPress security we have access to attack telemetry and vulnerability intelligence that no other security provider can compare to. We know exactly what vulnerabilities will become a target for threats, what the biggest threats to WordPress are, and how to prioritize remediation and protection against WordPress. The following presents some key highlights of WordPress threats and vulnerabilities in Q4 2025.
What this means for site owners: Keep plugins and themes updated regularly, enable 2FA, run regular security scans, follow strong password security, and rely on a WAF like Wordfence for protection before vulnerabilities are patched and continuous monitoring.Wordfence Vulnerability Intelligence Highlights for Q4 2025
The Wordfence Bug Bounty Program’s primary mission is to attract the highest quality vulnerability research in the WordPress space based on high impact and high severity vulnerabilities that are the most likely to be exploited. Due to this, you can rest assured knowing that you have the best protection available for vulnerabilities that pose the most significant risk to your site before they are even disclosed to the vendor.
Total Vulnerabilities Published
In Q4, there were 2,213 vulnerabilities added to the Wordfence Intelligence vulnerability database. Wordfence was responsible for remediating and disclosing 49.7% of the total. The following chart highlights the trend in new vulnerabilities disclosed over this period.
Total High Threat Vulnerabilities Published
In Q4, there were 131 high threat vulnerabilities added to the Wordfence Intelligence vulnerability database. These vulnerabilities pose the most significant threat to WordPress websites as attackers are very likely to target them in the real-world, and they can generally lead to full site compromise with minimal requirements. Often generic, or non-WordPress specific firewalls do not provide adequate protection against these vulnerabilities. Wordfence was the source of disclosure for 74.8% of those vulnerabilities, highlighting how the Wordfence firewall can provide you with the fastest protection for WordPress vulnerabilities that pose the most significant risk to your WordPress site.
Total Common and Dangerous Vulnerabilities Published
In Q4, there were 100 common and dangerous vulnerabilities added to the Wordfence Intelligence vulnerability database. Wordfence was responsible for remediating and disclosing 69.0% of these common and dangerous vulnerabilities. These vulnerabilities are some of the most commonly found in WordPress plugins and themes, but are still prime targets for attackers who are looking for low hanging fruit to exploit.
Patch Status of Reported Vulnerabilities
At the end of Q4, there were 905 vulnerabilities that remained unpatched. This highlights the importance of utilizing a security scanner like Wordfence that will alert you when an unpatched vulnerability is present on your site so you can take remedial action, like removing the software, immediately.
Install Count Distribution of Affected Software
The following highlights the average distribution of install counts for software affected by vulnerabilities reported in this quarter.
Authentication Level To Exploit Distribution
Most vulnerabilities disclosed in Q4 required no authentication to exploit. This is different from from Q3 2025 where contributor-level access was required to exploit for the majority of vulnerabilities published.
Affected Software Type Distribution (Plugins/Themes/Core)
As usual, the majority of the vulnerabilities disclosed in Q4 were plugin related vulnerabilities.
Top 10 Vulnerability Classes Published
The following highlights the most commonly published vulnerabilities in Q4 2025.
Vendors Registered for the Vulnerability Management Portal
This quarter, we had 201 vendors sign up to manage their WordPress software’s security through the Vulnerability Management Portal (+2.6% from previous quarter). This covers 1,391 distinct plugins and themes (+14.0% from previous quarter). Vendors who register for the Wordfence Vulnerability Management Portal demonstrate a strong commitment to WordPress security as they are notified in real-time when a new vulnerability has been discovered or reported in their software. If you’re a WordPress vendor and you’d like to sign up for real-time vulnerability alerts and centralized vulnerability management, get started here.
Wordfence Threat Intelligence Summary for Q4 2025
Threat intelligence is at the heart of Wordfence’s industry-leading security solutions. As the largest security provider for WordPress, we collect and analyze attack telemetry from millions of sites worldwide. This unparalleled visibility gives us real-time insight into what attackers are targeting and when, empowering us to deliver the fastest and most effective protection for WordPress.
Web Application Firewall (WAF) Attack Data Highlights
Total Requests Blocked and Logged by the Wordfence Firewall Over Q4
The following chart highlights how many exploit and probing requests the Wordfence Firewall has blocked over the course of Q4.
Top 10 User Agents Engaged in Exploiting Vulnerabilities
The following chart highlights the top 10 user agents that have been used in exploit and enumeration attempts across the network of sites we protect.
Top 10 Unique Vulnerabilities Targeted by Attackers
The following section highlights the top 10 unique vulnerabilities being targeted by attackers.
Top 10 Attacking Countries
The following section highlights the top 10 countries engaged in initiating attacks against WordPress websites.
Top 10 Attacking IP Addresses
The following are the top 10 IP Addresses engaged in targeting WordPress website vulnerabilities.
Top 5 “Generic” Vulnerability Types Targeted By Attackers
This section highlights the most attacked common vulnerability types.
Password Attacks Data Highlights
Total Password Attacks Blocked by the Wordfence Firewall Over Q4
The following chart highlights how many password attacks the Wordfence Firewall has blocked over the course of Q4.
Top 10 Countries with the Most Distinctly Unique IP Addresses Engaged in Password Attacks
The following chart highlights countries with the most unique IP addresses originating from them engaged in password attacks.
Top 10 Countries with the Highest Volume of Password Attacks Blocked
While the above chart highlights countries with the most unique IP Addresses targeting them. The following chart highlights countries with the most password attack activity based on number of requests, rather than distinctly unique IP Addresses.
Password Attacks Blocked by Type
This section highlights what password attack techniques are the most common.
Wordfence Malware Intelligence Report for Q4 2025
No security solution would be complete without malware detection or scanning. It’s a critical element to website security that if your site gets hacked, it gets detected so that you can take swift remedial action to protect your business and brand reputation.
Malware Attack Data Highlights
Number of Distinct Sites With Malware Detected Over Q4
The following chart highlights the average amount of sites with at least once piece of malware detected over the course of Q4.
Malware Detected by File Type
The following chart highlights the most commonly detected malware based on file type. PHP files are often associated with webshells, backdoors, infostealers, and skimmers while files like JavaScript and HTML are often associated with spam.
Malware Detected Based on Uploaded Location
The following chart highlights where malware is most commonly uploaded.
Report Archives for Q4 2025
Access the complete collection of detailed vulnerability and bug bounty reports published during Q4 2025. These archives provide comprehensive documentation of all security issues identified and addressed throughout the quarter.
Weekly Vulnerability Report Archive
In case you missed any of the weekly vulnerability reports from Q4, you can find the complete list of them here:
- Wordfence Intelligence Weekly WordPress Vulnerability Report (September 29, 2025 to October 5, 2025): https://www.wordfence.com/blog/2025/10/wordfence-intelligence-weekly-wordpress-vulnerability-report-september-29-2025-to-october-5-2025/
- Wordfence Intelligence Weekly WordPress Vulnerability Report (October 6, 2025 to October 12, 2025): https://www.wordfence.com/blog/2025/10/wordfence-intelligence-weekly-wordpress-vulnerability-report-october-6-2025-to-october-12-2025/
- Wordfence Intelligence Weekly WordPress Vulnerability Report (October 13, 2025 to October 19, 2025): https://www.wordfence.com/blog/2025/10/wordfence-intelligence-weekly-wordpress-vulnerability-report-october-13-2025-to-october-19-2025/
- Wordfence Intelligence Weekly WordPress Vulnerability Report (October 20, 2025 to October 26, 2025): https://www.wordfence.com/blog/2025/10/wordfence-intelligence-weekly-wordpress-vulnerability-report-october-20-2025-to-october-26-2025/
- Wordfence Intelligence Weekly WordPress Vulnerability Report (October 27, 2025 to November 2, 2025): https://www.wordfence.com/blog/2025/11/wordfence-intelligence-weekly-wordpress-vulnerability-report-october-27-2025-to-november-2-2025/
- Wordfence Intelligence Weekly WordPress Vulnerability Report (November 3, 2025 to November 9, 2025): https://www.wordfence.com/blog/2025/11/wordfence-intelligence-weekly-wordpress-vulnerability-report-november-3-2025-to-november-9-2025/
- Wordfence Intelligence Weekly WordPress Vulnerability Report (November 10, 2025 to November 16, 2025): https://www.wordfence.com/blog/2025/11/wordfence-intelligence-weekly-wordpress-vulnerability-report-november-10-2025-to-november-16-2025/
- Wordfence Intelligence Weekly WordPress Vulnerability Report (November 17, 2025 to November 23, 2025): https://www.wordfence.com/blog/2025/11/wordfence-intelligence-weekly-wordpress-vulnerability-report-november-17-2025-to-november-23-2025/
- Wordfence Intelligence Weekly WordPress Vulnerability Report (November 24, 2025 to November 30, 2025): https://www.wordfence.com/blog/2025/12/wordfence-intelligence-weekly-wordpress-vulnerability-report-november-24-2025-to-november-30-2025/
- Wordfence Intelligence Weekly WordPress Vulnerability Report (December 1, 2025 to December 7, 2025): https://www.wordfence.com/blog/2025/12/wordfence-intelligence-weekly-wordpress-vulnerability-report-december-1-2025-to-december-7-2025/
- Wordfence Intelligence Weekly WordPress Vulnerability Report (December 8, 2025 to December 14, 2025): https://www.wordfence.com/blog/2025/12/wordfence-intelligence-weekly-wordpress-vulnerability-report-december-8-2025-to-december-14-2025/
- Wordfence Intelligence Weekly WordPress Vulnerability Report (December 15, 2025 to January 4, 2026): https://www.wordfence.com/blog/2026/01/wordfence-intelligence-weekly-wordpress-vulnerability-report-december-15-2025-to-january-4-2026/
Monthly Bug Bounty Report Archive
If you missed any of the monthly Bug Bounty Program Reports from Q4, you can find those all here:
- October: https://www.wordfence.com/blog/2025/11/wordfence-bug-bounty-program-monthly-report-october-2025/
- November: https://www.wordfence.com/blog/2025/12/wordfence-bug-bounty-program-monthly-report-november-2025/
- December: https://www.wordfence.com/blog/2026/01/wordfence-bug-bounty-program-monthly-report-december-2025/
Conclusion: Key Takeaways For Site Owners
When it comes to securing your WordPress site, a defense-in-depth strategy is essential. No single solution can stop every attack, but by layering protection, detection, and active monitoring, you dramatically reduce your risk and increase your ability to respond quickly when threats emerge.
Protection
The first line of defense is preventing attacks from succeeding in the first place. A strong firewall, timely vulnerability patches, and hardened configurations help block malicious traffic before it ever reaches your site. By leveraging Wordfence’s threat intelligence, you’re protected against the latest exploits that attackers are actively using in the wild. This proactive protection ensures your site is guarded not just against known threats, but against emerging attack patterns.
Detection
Even the best defenses can be tested, which is why detection is critical. Comprehensive scanning helps identify vulnerabilities, malware, or suspicious changes on your site that could signal an attempted compromise. With Wordfence’s real-time scanning powered by global attack data, you gain visibility into threats that may have slipped past other layers of defense, allowing you to act before they cause serious damage.
Active Monitoring
Continuous monitoring serves as your early warning system. Real-time alerts about critical events, login attempts, and file changes help you stay ahead of threats. Wordfence’s comprehensive monitoring doesn’t just tell you something happened, it provides the context and intelligence you need to understand the severity and respond appropriately. This constant vigilance means you’re never flying blind when it comes to your site’s security posture.
Security isn’t a “set it and forget it” task. Active monitoring ensures your site is continuously observed for suspicious behavior, login attempts, and traffic anomalies. Attackers often probe sites for weaknesses over time; having real-time monitoring means you’ll know immediately if your site is being targeted. Wordfence’s monitoring tools provide alerts and insights so you can take swift action, whether that’s blocking an attacker, tightening access, or responding to a detected vulnerability.
By combining protection, detection, and monitoring, you create a strong defense-in-depth strategy for your WordPress site. Wordfence brings all three layers together in one solution, making it simple to secure your site and stay ahead of attackers. Install Wordfence today and put industry-leading security to work for you.
The post Quarterly WordPress Threat Intelligence Report – Q4 2025 appeared first on Wordfence.
Puedes consultar el artículo original aquí: https://www.wordfence.com/blog/2026/02/quarterly-wordpress-threat-intelligence-report-q4-2025/