Asia's Largest Web Footprint, One Framework Deep
WebPulse's Common Crawl scan detected 175,103 sites in Japan — the largest web footprint of any Asian country in our dataset. Of those, 87.2% run WordPress. That translates to approximately 152,690 WordPress installations in a single G7 economy. Only 8.4% of Japan's detected sites use modern frameworks.
The G7 Comparison
Germany runs 77.9% WordPress across 222,409 sites. France runs 75.0% across 144,324 sites. The UK runs 74.5% across 131,287 sites. Japan's 87.2% is not in the same range — it is 10 to 13 percentage points higher than every other G7 economy in the scan. Japan's modern framework adoption rate of 8.4% is half of Russia's 11.3%, a country under sustained sanctions pressure with limited access to Western cloud infrastructure.
What 18,321 CVEs Mean at 87.2% Concentration
WordPress carries 18,321 total CVEs in its ecosystem — more than every other framework WebPulse tracks combined. Five are rated critical. Twenty-six are high severity. Sixty-six new CVEs appeared in the last year alone. WordPress scores 25.0 on WebPulse's security dimension, the lowest of any tracked framework. When 87.2% of a nation's web infrastructure runs on the framework with the worst security record, concentration becomes a national-level risk factor.
For comparison: Next.js carries 92 total CVEs with a security score of 90.0. Astro carries 60 CVEs with a security score of 90.0. Hugo carries zero CVEs. Japan's web is concentrated on the single framework that accumulates vulnerabilities faster than any other.
The Modern Adoption Gap
Japan's 8.4% modern framework adoption places it closer to Turkey (3.5%) and Romania (1.7%) than to the innovation economies it competes with. Next.js represents 2.6% of all detected sites globally — 263,488 sites. Japan's share of that modern layer is disproportionately small given the size of its economy and the sophistication of its technology sector.
This is not a technology access problem. Japan has world-class engineering talent, major cloud providers with local regions, and enterprise IT budgets that rival any G7 member. The 87.2% figure reflects institutional inertia — organizations that chose WordPress in 2015 and never migrated, agencies that standardized on it, and a hosting ecosystem optimized for PHP.
The Business Calculation
WordPress scores 47.0 overall on WebPulse — firmly in the 'caution' tier. Its AI-readiness score is 35.0. Its ecosystem score is 65.0. For Japanese enterprises evaluating their digital infrastructure against AI-first competitors, the framework powering 87.2% of the nation's web is rated 'caution' across every major dimension. Next.js scores 83.8 overall with 88.0 AI-readiness. Astro scores 83.1 with 92.0 AI-readiness. The gap between Japan's framework reality and the recommended tier is 36.8 points.
Japan's 175,103-site web footprint is large enough to matter at the macroeconomic level. At 87.2% WordPress dependency, the country's web infrastructure carries concentrated vulnerability, limited AI-readiness, and a maintenance burden that grows with every CVE disclosure. The G7's most advanced manufacturing economy runs the G7's most vulnerable web.
