Wordpress accounted for 90 percent of all hacked CMS sites in 2018

Wordpress accounted for 90 percent of all hacked CMS sites

Roughly 90 percent of all the hacked content management systems (CMSs) Sucuri investigated and helped fix in 2018 were WordPress sites. In a distant second, third, and fourth came Magento (4.6 percent), Joomla (4.3 percent), and Drupal (3.7 percent), according to a report the company published yesterday.

Sucuri experts blamed most of the hacks on vulnerabilities in plugins and themes, misconfiguration issues, and a lack of maintenance by webmasters, who often forgot to update their CMS, themes, and plugins.

Experts said that only 56 percent of the sites they investigated were running an up-to-date CMS at the time they were called in to remediate a hack.


But while 90 percent of all hacked sites were WordPress, most of these were running up-to-date versions. Sucuri said that only 36 percent of the hacked WordPress sites that the company investigated ran an outdated version.

On the other hand, CMSs like PrestaShop, OpenCart, Joomla, and Magento, when found to be hacked, they almost always were running on an out-of-date version.

Outdated Infected CMS Distribution - 2018

Yet, despite some sites running outdated CMS versions, "the leading cause of infections stemmed from component vulnerabilities," Sucuri said.


And when the hacks happened, Sucuri said that hackers usually deployed backdoors, with the company finding one on 68 percent of all the compromised sites it investigated.

Sucuri experts said that hackers also used around 56 percent of the hacked sites to host malware for other operations, and deployed SEO spam pages on 51 percent of the hacked sites --a number that has risen in the past year, from 44 percent in 2017.

"[SEO spam] is one of the fastest growing families over the previous years," Sucuri said. "They are difficult to detect and have a strong economic engine driven by impression-based affiliate marketing.

"Most frequently, the result of Search Engine Poisoning (SEP) attacks, where attackers attempt to abuse site rankings to monetize on affiliate marketing or other blackhat tactics, SEO spam typically occurs via PHP, database injections, or .htaccess redirects.

"Websites impacted by SEO attacks often become infected with spam content or redirect visitors to spam-specific pages. Unwanted content is regularly found in the form of pharmaceutical ad placements but may also include injected content for other popular industries like fashion or entertainment (i.e. pornographic material, essay writing, fashion brands, loans, and online gambling)."

Malware Family Distribution - 2018

Primary takeaway here is that these CMS sites require constant maintenance and cannot be neglected. If you have a small business and do not have the time to maintain and update your CMS sites we recommend considering a fully secure and closed platform such as Squarespace.

For more information on learning about the benefits of Squarespace please feel free and reach out to us.

Read more: https://www.zdnet.com/article/wordpress-accounted-for-90-percent-of-all-hacked-cms-sites-in-2018/