Steve Burge Written by 

Two-Thirds of WordPress, Joomla and Drupal Sites Are Out-of-Date

September 9, 2012
in Opinion

We have a problem with the website software we love. The majority of them are constantly out-of-date and insecure.

Don't believe me? Let me show the proof that two-thirds of WordPress, Drupal and Joomla sites are probably out-of-date.

WordPress

We're able to get WordPress stats directly from WordPress.org.

Although WordPress is the easiest CMS to update, only 33.4% currently run WordPress 3.4, which was released in May 2012. That means at least 66.8%, or over two-thirds of all WordPress sites, are running out-of-date and unsafe versions.

wordpress

Drupal

Drupal also provides official estimates of version usage. The trend is almost exactly the same as WordPress. Out of 387,624 sites that run Drupal 7, only 129,091 run the latest version, which is 7.15. That means that 33.3% of Drupal sites are up-to-date and 66.6% of sites are out-of-date.

drupal

Joomla

There are no official stats available for Joomla, but there's no reason to suspect Joomla installations are updated any more frequently than either WordPress or Drupal.

We can come up with an approximate estimate of Joomla version usage by using these stats from W3Techs.com. Bare with me and my math for a few minutes.

  • If you didn't know, Joomla 1.6, 1.7 and 2.5 form part of the same series.
  • Joomla 1.6 and 1.7 are listed as having a 8.4% share of all the sites using a version numbered. 8.4% of 94.1% gives us 7.9%.
  • Joomla 2.5 is listed as having 5.8% of the Joomla market share.
  • Out-of-date versions of Joomla have 7.9% market share and Joomla 2.5 has 5.8%.
  • So, Joomla 2.5 has a 42% share of sites in the current series. That means 58% of sites are out-of-date.

That certainly isn't the best guesstimate in the world, but it passes the smell test because it fits in fairly closely with those for WordPress and Drupal.

Conclusions

Based on the averages above, almost 64% of WordPress, Drupal and Joomla sites are out-of-date and possibly unsafe.

This isn't good for the reputation of these projects, all of whom we love.

What are the possible solutions?

  • Automatic updating. Matt Mullenweg from WordPress has raised this idea often. He often talks of wanting to make version numbers obsolete and allowing WordPress to update like Chrome. However, it's a technically tricky task. If it was easier, it probably would have been done by now.
  • Take the fear out of the process. People have grown scared of updating because too many things have broken for them during past updates. I've heard several ideas to help reassure people including taking backups of a site whenever it updates. If we can build better staging options, we can also make it easier for people to test changes before they update their live sites.
  • Better tools. We're building Admincredible to allow people to update sites en masses. Lots of others are thinking along the same lines too. Our goal is allow you to update all your sites. We aim to make updating so easy and painless that you can update your site while sitting in the bathroom or standing in line at the post office. The easier we can make updating, the more people will do itand the safer all our sites will be.

Do you have any ideas that would help ensure people update their sites more regularly? Let us know in the comments ...

Steve Burge

Steve loves working with open source software. He teaches at OSTraining and wrote "Joomla Explained". He is currently writing "Drupal Explained" and "WordPress Explained". He's a Brit, from Portsmouth, and currently lives in Atlanta, Georgia.

back to top