The Admin Bar released the results of their 2026 survey of agency owners and freelancers. There are a number of interesting findings. For example, 58.3% are using page builders, 27.8% are using block collections, and 9.7% are using default Gutenberg FSE.

Dries did an experiment where he added a markdown version of his articles, llms.text info files for AI, and then watched what happened. The result was not what people expect.

The Patchstack team has collected and analyzed all the 2025 data about the security of the WordPress ecosystem. Their our annual report shows that attackers are getting more sophisticated, it is getting harder to clean sites, and mention is made of the fact that security procedures may need to change given the rise of AI custom code.

If you read the page source before reading the page copy, then this report on CSS usage might be of interest. This is an in-depth analysis of what CSS is used on the top 100,000 websites. There are some interesting numbers, for instance, for CSS size, in the 50th percentile sites have 309KB of CSS. Note, there is a navigator on right side of the page to see and jump between sections.

The Patchstack team challenges the notion that your web host provides sufficient site security. They setup sites with known vulnerabilities on a number of hosting platforms to see how well their security profile is. It is an interesting and useful test, and they name plugins that had vulnerabilities, but the report would have been twice as useful if they listed the names of the hosting companies. They establish a general presumption that a hosting company’s security is not sufficient, but no one knows if their hosting company was one of the ones tested, and hence “maybe” their host is better or not.

Recent data on Fail2ban and Imunify360 call into question their effectiveness in fighting modern bot attacks. These 2 tools have been widely popular for a long time, and quite effective in the past. Unfortunately, the changing nature of bot attacks and increases in number of IPs they have available (some of the bot networks now have millions of IPs). These tools just aren’t designed to handle these changing conditions.

Katie Keith did some research to ask about plugins whose sales were in decline or flat. There are some interesting findings such that 80% of plugin sales were the same or lower as last year and different types of plugins are more vulnerable than others.

I enjoy reading these Year in Review articles. This one from Katie Keith at Barn2 is very interesting. While overall performance was very good, there was a 17.8% drop in new sales. She reports that other WordPress plugin shops saw something similar and she talks about possible causes. The roundup is an interesting look into what it takes to lead a WordPress plugin company.

Cloudflare’s year in review is an interesting browse to see what technologies are being used. It shows WordPress as 47% of sites using a Content Management System.