WordPress Comprises 90% Of Hacked Sites

WordPress is the most popular platform. Because of sheer volume and the number of WordPress websites online, it's the most hacked CMS on the web.  WordPress accounts for the vast majority of compromised CMS platforms, with vulnerable plugins the prime attack vector, Sucuri has revealed in a new report.

The security vendor analysed 18,302 infected websites and over 4.4m cleaned files to compile its latest Hacked Website Trend report.

It revealed that WordPress accounted for 90% of hacked websites in 2018, up from 83% in 2018. There was a steep drop before Magento (4.6%) and Joomla (4.3%) in second and third. The latter two had dropped from figures of 6.5% and 13.1% respectively in 2017.

The problems associated with WordPress appeared not to have come from users running old versions of the platform. In fact, just 37% of infected sites on this platform were outdated, versus 97% for PrestaShop, 91% for OpenCart and 87.5% for Joomla.

“This data demonstrates that the work WordPress continues to do with auto-updates has a material impact. The one area that requires considerable attention, however, are the extensible components of the platform such as plugins,” said Sucuri.

“These extensible components are the real attack vectors affecting tens of thousands of sites a year. The primary attack vector abused when infecting WordPress are plugins with known and unknown vulnerabilities. This makes the role of third-party components more significant for this CMS.”

The firm also warned that e-commerce sites like those running on PrestaShop and OpenCart have an obligation under PCI DSS to improve security.

“Attackers have a high interest in targeting e-commerce websites with valuable customer data i.e. credit card and user information,” explained Sucuri. “It’s imperative these website owners update their software to ensure their sites have the latest security enhancements and vulnerability patches.”

The vendor highlighted several security challenges leading to risk exposure, including: backwards compatibility problems; reuse of leaked passwords; cross-site contamination; customised deployments; use of pirated software containing backdoors; and a lack of security knowledge and resources.

In 2018, 68% of all clean-up requests dealt with by the vendor contained at least one hidden PHP-based backdoor.

Infosecurity:       WPBuffs:

You Might Also Read:

Hackers Are Focused On Hijacking Payment Data:

 

 

« Bank of England Testing Banks' Cyber Resilience
The US Navy Is Leaking Secrets »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

MobileIron

MobileIron

MobileIron provides EMM capabilities to IT organizations that need to secure mobile devices, applications and content.

FDM Group

FDM Group

FDM Group is an international Professional services company with a focus on IT. Services offered include Software Testing, and Information Security with a focus on operational security and compliance.

Telefonica Tech

Telefonica Tech

Telefónica Cyber Security Tech is focused on the prevention, detection and appropriate response to security incidents aimed at protecting your digital services.

Jumpsec

Jumpsec

Jumpsec provides penetration testing, security assessments, social engineering testing, cyber incident response, training and consultancy services.

Joe Security

Joe Security

Joe Security specializes in the development of automated malware analysis systems for malware detection and forensics.

Cyber Execs

Cyber Execs

Cyber Execs is a Cyber Security Consultancy & Executive Recruitment firm.

Golden Frog

Golden Frog

Golden Frog is a Virtual Private Network services provider offering secure encrypted access to the internet.

Quest Software

Quest Software

Simple IT management for a complex world. Whether it’s digital transformation, cloud expansion, security threats or something new, Quest helps you solve complex problems with simple solutions.

Slovak National Accreditation Service (SNAS)

Slovak National Accreditation Service (SNAS)

SNAS is the national accreditation body for Slovakia. The directory of members provides details of organisations offering certification services for ISO 27001.

Vulcan Cyber

Vulcan Cyber

At Vulcan, we’re modernizing the way enterprises reduce their cyber risk. From detection to resolution, we automate and orchestrate the vulnerability remediation process dynamically and at scale.

Air IT

Air IT

Air IT are a responsive, client-focused and award-winning Managed Service Provider, helping clients achieve success and transformation through their IT and communications.

Performance Technologies

Performance Technologies

As a leading IT Solutions Provider in Greece, Performance Technologies delivers reliable, long life solutions, ensuring continuous availability of business-critical services and information.

Dutch Research Council (NWO)

Dutch Research Council (NWO)

The Dutch Research Council (NWO) is one of the most important science-funding bodies in the Netherlands and ensures quality and innovation in science.

NormCyber

NormCyber

NormCyber provide award-winning cyber security and data protection as a service for midsize organisations.

ThreatNix

ThreatNix

ThreatNix is a tight knit group of experienced security professionals who are committed to providing competent cybersecurity solutions that adhere to international standards.

iNovex

iNovex

iNovex is a community of innovators that work together to solve hard problems. We partner with you to meet problems head-on and push boundaries with technology solutions.