WordPress Continues to Be by Far the Most Hacked CMS

Exterminator

The first ever Sucuri - Hacked Website Report provided such a wealth of information that Softpedia had material for two stories. The company's report for Q2 comes once again to provide more insight into the world of website hacking, where WordPress continued to be the most targeted platform.

Based on the most recent report, things didn't change from Q1 at all. Sucuri experts called in to investigate hacked websites continued to clean out more WordPress sites than anything else.

Three in four hacked websites were running WordPress
Statistics showed that investigators disinfected a WordPress installation every four websites. Of course, WordPress having a +50% market share was the reason why most hackers concentrate their efforts on the CMS since they have a bigger attack surface to play with.

The other CMS platforms on this list were Joomla (16 percent), Magento (5 percent), Drupal (2 percent), and vBulletin (0.32 percent).

But this stat isn't saying why these sites got hacked. A better stat is the percentage of compromised sites running out-of-date software. Here, only 55 percent of the hacked WordPress sites were running an out-of-date version.

WordPress was in a much rosier position compared to Magento, where 96 percent of all hacked websites had been compromised because their owners forgot to update.

In fact, WordPress was in the best position among all major CMSs, with Joomla's percentage being 86 percent, and Drupal with 84 percent.

Out-of-date WordPress plugins continue to be a big problem
The reason why WordPress still had a very large number of hacked websites, despite running up-to-date versions, was that webmasters usually forgot to update plugins.

In Q1, Sucuri discovered that a quarter of hacked WordPress sites could be attributed to three plugins: TimThumb, GravityForms, and RevSlider. In Q2, the same three plugins accounted for 22 percent of all hacked WordPress sites, showing that admins are still using the same ol' hackable add-ons, and that very few learned anything from Sucuri's first report.


[Figure: Out-of-date plugins that contributed to hacked WordPress sites]

Backdoors continued to be the most prevalent type of infection, found on 71 percent of all hacked websites, most likely used to alter the owner's website or to reinfect the system after inefficient clean-ups.

A new addition to the Sucuri report is in regards to the number of websites that have already been blacklisted at the time the company cleaned them up.

Sucuri discovered that 18 percent of websites they were cleaning had already been blacklisted online, via Google's Safe Browsing service, Norton's SafeWeb service, the Yandex scanner, or McAfee's SiteAdvisor.

"A website being flagged by a Blacklist like Google can be devastating to a website’s functionality," Sucuri notes. "It can affect how visitors access a website, how it ranks in Search Engine Result Pages (SERP) and also adversely affect communication mediums, like email."

For more insight, you can download the company's Hacked Website Report for Q2 2016.



_CyberGhosT_

Cool stats, I had no idea WordPress was that big a target.
Although the vBulletin results are what I expected. One of the gaming sites I ran was VB and I loved that cPanel and its layout. A very secure site.
 

jamescv7

Not a surprise, it's a matter of how the services are offered and how effective it is to create websites on such a platform.

The more audience there is, the more the attacks increase as well.

In order to secure your website, definitely pay a little buckets at all.
 
