It is possible to determine the version of WordPress Core that a site is running through a number of methods. The simplest is where in the default configuration WordPress reports the version in the Meta Generator Tag within the HTML of the page. Another location is within a ver paratemeter within the HTML often seen on plugins. Using these methods we were able to determine the version of 71 out of the 100 sites.
It is clear from the above data that there is a significant spread of WordPress core versions even amoung the most popular sites in the world. Some of the versions listed above have known security vulnerabilities. Perhaps they have been mitigated by the sites in question. Perhaps not.
Examination of the HTTP header shows the web server that a site is running on. A total of 73 of the 100 sites are running on nginx, while 13 are running on Apache. It is interesting that of the 73 nginx servers, 31 of those are running on CloudFlare that provides the front end delivery for the site.
The presence of Microsoft IIS servers is always a surprise to me when looking at sites running on WordPress and PHP, but if you are working in a Microsoft Server Environment and wish to use WordPress it obviously is an option.
Hosting netblock is simply determined from the IP address of the server. It should be noted that some managed WordPress hosting companies may be using Amazon services. In this case they would be included in the count for Amazon. For those paying attention you will see that CloudFlare is reported as having 27 sites in CloudFlare owned Netblocks. Under the web servers the count is 31. The 31 came from the web server reporting Server: cloudflare-nginx in the HTTP header. It appears some of the cloudflare IP address have not been listed under CloudFlare netblock owners.
Included in the chart were only Netblocks with 2 or more sites listed. For the full list of netblocks see the Top 100 list.
Everyone loves a good map on a page of charts. Mapped here are the IP address locations of the top 100 WordPress sites. The locations were determined using the Maxmind IP address location service.
The size of the circle represents multiple servers in that location. The big circle in the middle of the United States is the default for the United States when Maxmind cannot determine an accurate location (accurate to country level only). 77 of the top 100 are located within the United States.
Running a high traffic WordPress site requires some effort in ensuring the site is fast and responsive.
Caching plugins play a big part in reducing the amount of PHP compute and database calls required to deliver a page. The plugins have been found from examination of the HTML comments.
The raw numbers here (8 sites found with W3 Total Cache) are low when compared to the majority of WordPress sites in the top 1 million. From the hosting and server statistics it appears these high traffic sites are more reliant on server based caching and load balancing; with less requirements for software (plugin) based caching.
Examination of the SEO plugins in use can be determined from comments within the HTML. These are there by default for both Yoast SEO and All in one SEO, however it must be noted that they can be removed.
The raw numbers are Yoast SEO was found in 30 sites and All in one SEO in 5 of the top 100.
Did you know some of the best security scanning tools in the world are open source. At hackertarget.com we host security scanning tools so you can easily test your server and network for security vulnerabilities.