Compromised WordPress blogs were used to host nearly 12,000 phishing sites in February. This represents more than 7% of all phishing attacks blocked during that month, and 11% of the unique IP addresses that were involved in phishing. WordPress blogs were also responsible for distributing a significant amount of web-hosted malware — more than 8% of the malware URLs blocked by Netcraft in February were on WordPress blogs, or 19% of all unique IP addresses hosting malware.