WordPress Comprises 90% Of Hacked Sites

WordPress is the most popular platform, and because of the sheer number of WordPress websites online, it's the most hacked CMS on the web. WordPress accounts for the vast majority of compromised CMS platforms, with vulnerable plugins the prime attack vector, Sucuri has revealed in a new report.

The security vendor analysed 18,302 infected websites and over 4.4m cleaned files to compile its latest Hacked Website Trend report.

It revealed that WordPress accounted for 90% of hacked websites in 2018, up from 83% in 2018. There was a steep drop before Magento (4.6%) and Joomla (4.3%) in second and third. The latter two had dropped from figures of 6.5% and 13.1% respectively in 2017.

The problems associated with WordPress appeared not to have come from users running old versions of the platform. In fact, just 37% of infected sites on this platform were outdated, versus 97% for PrestaShop, 91% for OpenCart and 87.5% for Joomla.

“This data demonstrates that the work WordPress continues to do with auto-updates has a material impact. The one area that requires considerable attention, however, are the extensible components of the platform such as plugins,” said Sucuri.

“These extensible components are the real attack vectors affecting tens of thousands of sites a year. The primary attack vector abused when infecting WordPress are plugins with known and unknown vulnerabilities. This makes the role of third-party components more significant for this CMS.”

The firm also warned that e-commerce sites like those running on PrestaShop and OpenCart have an obligation under PCI DSS to improve security.

“Attackers have a high interest in targeting e-commerce websites with valuable customer data i.e. credit card and user information,” explained Sucuri. “It’s imperative these website owners update their software to ensure their sites have the latest security enhancements and vulnerability patches.”

The vendor highlighted several security challenges leading to risk exposure, including: backwards compatibility problems; reuse of leaked passwords; cross-site contamination; customised deployments; use of pirated software containing backdoors; and a lack of security knowledge and resources.

In 2018, 68% of all clean-up requests dealt with by the vendor contained at least one hidden PHP-based backdoor.

Infosecurity: WPBuffs:
