This week WordPress managed host WP Engine released “[i]nsights from a global study of 1,700+ digital leaders on the real costs of maintaining” websites. The study suggests, not surprisingly, that there is a lot of concern when it comes to security with usage of WordPress. We will have more on that a in separate post, but one figure included in their study highlighted how little it would cost to improve the security of WordPress.

WP Engine tabbed the total cost of one WordPress website at $2,408,789:

As touched on a month ago, based on some obvious security issues, the core WordPress software looks like it hasn’t received a security review since at least 2009. The cost for a review that would catch those issues (and likely more) would only be $6,100. That would be .25% of the total cost of one website.

While WP Engine could easily afford to sponsor such a review, they don’t seem all that concerned about security, considering, among a litany of issues, they have knowingly left one of their plugins with 100,000+ installs vulnerable since at least October.