The Data
Turkey at 93% WordPress was our most striking country-level finding. Now Iran matches it exactly — same percentage, different mechanism. Turkey's monoculture comes from freelance marketplace economics. Iran's comes from sanctions that limit access to global SaaS platforms, cloud services, and modern hosting.
The Sanctions Effect
Shopify doesn't operate in Iran. Vercel, Netlify, and most CDN providers restrict Iranian accounts. When the modern deployment ecosystem is blocked by sanctions, WordPress on a local PHP host becomes the only option. The monoculture isn't a technology choice — it's a sanctions outcome.
The Systemic Risk Compounds
93% WordPress concentration means every WordPress vulnerability is a national-scale event. But unlike Turkey, Iranian sites have limited access to the global security response ecosystem. Patch distribution is slower. Security tooling is restricted. The monoculture risk is compounded by isolation from the response infrastructure.
