Skip to content
Future-Ready

Next.js Overtakes WordPress on the High-Traffic Web

WebPulse scanned 9,947 of the world's most-visited domains. Next.js now powers 24.9% of detected frameworks. WordPress dropped to 22.4%. The crossover happened in under 16 months.

· 6 min read
Share on X LinkedIn
Next.js Overtakes WordPress on the High-Traffic Web

The Crossover

In May 2025, WebPulse scanned the Tranco top 10,000 — a research-grade ranking of the world's most-visited websites. WordPress led with 30.4% of detected frameworks. Next.js sat at 17.0%. Fourteen months later, in July 2026, WebPulse repeated the scan with an expanded 30-framework detector. Next.js now leads at 24.9%. WordPress has dropped to 22.4%. That is a 16-point swing — 8 points gained by Next.js, 8 points lost by WordPress — in just over a year.

24.9%
Next.js share (July 2026)
Source: WebPulse Tranco Census (9,947 domains)
22.4%
WordPress share (July 2026)
Source: WebPulse Tranco Census (9,947 domains)
16 percentage points
Swing since May 2025
Source: WebPulse baseline comparison

This is not a niche framework displacing a niche framework. WordPress powers roughly 40% of all websites globally. But the high-traffic web — the top 10,000 domains that handle the vast majority of internet traffic — has different requirements. These are sites run by engineering teams, not solo operators. They need performance at scale, edge deployment, and increasingly, AI-readiness. WordPress was not built for any of these.

What the Numbers Show

The July 2026 census scanned 9,947 domains from the Tranco list after filtering infrastructure (CDNs, ad networks, DNS providers). Of those, 3,301 returned detectable framework signatures — a 33.2% detection rate. The full framework distribution reveals that the shift is not just about Next.js gaining. The entire legacy category is contracting.

27.0% → 21.1%
Drupal share change
Source: WebPulse Census (May 2025 → July 2026)
2.6% → 0.6%
Shopify share change
Source: WebPulse Census (May 2025 → July 2026)

Drupal dropped from 27.0% to 21.1% — nearly 6 percentage points. Shopify fell from 2.6% to 0.6%. Magento collapsed from 0.4% to 0.1%. Among legacy CMS platforms, only Joomla held roughly steady, and at 0.3% that stability is statistical noise. The high-traffic web is not gradually drifting away from legacy infrastructure. It is actively migrating.

Where the Traffic Went

WebPulse tracked 2,958 domains that appeared in both the May 2025 and July 2026 scans. Of those, 118 changed their detected framework — a 4.0% migration rate. The dominant migration flows tell the story: wordpress→nextjs, drupal→nextjs, gatsby→nextjs. Next.js is the destination, not just a growing alternative.

The secondary flow is worth noting. Four domains migrated from Next.js to Astro — a static site generator with zero critical CVEs. The zero-CVE cohort (Hugo, HTMX, Astro, SvelteKit) grew its combined share from 3.2% to 4.1%. For sites that do not need server-side rendering, the lightest possible stack is gaining appeal.

What This Means for Security

WordPress carries 18,253 CVEs in the NVD. Next.js carries fewer than 50. The framework that now leads the high-traffic web has two orders of magnitude fewer known vulnerabilities than the one it replaced. This is not a coincidence. Next.js's architecture — server components, edge rendering, no plugin ecosystem — simply generates fewer vulnerability classes.

For security teams, the crossover is data confirming what observation already suggested: the organizations that handle the most traffic have already decided that legacy CMS platforms are a liability. The rest of the web follows where the top 10,000 lead. WordPress is not dying. But on the web that matters most — the sites that handle the traffic, process the transactions, and attract the attackers — it is no longer the default choice.

18,253
WordPress NVD CVEs
Source: NVD/NIST (July 2026)
<50
Next.js NVD CVEs
Source: NVD/NIST (July 2026)
Share this insight