WordPress Comprises 90% Of Hacked Sites

Uploaded on 2019-03-25 in FREE TO VIEW, BUSINESS-Services-IT & Telecoms

WordPress is the most popular platform. Because of sheer volume and the number of WordPress websites online, it's the most hacked CMS on the web.  WordPress accounts for the vast majority of compromised CMS platforms, with vulnerable plugins the prime attack vector, Sucuri has revealed in a new report.

The security vendor analysed 18,302 infected websites and over 4.4m cleaned files to compile its latest Hacked Website Trend report.

It revealed that WordPress accounted for 90% of hacked websites in 2018, up from 83% in 2018. There was a steep drop before Magento (4.6%) and Joomla (4.3%) in second and third. The latter two had dropped from figures of 6.5% and 13.1% respectively in 2017.

The problems associated with WordPress appeared not to have come from users running old versions of the platform. In fact, just 37% of infected sites on this platform were outdated, versus 97% for PrestaShop, 91% for OpenCart and 87.5% for Joomla.

“This data demonstrates that the work WordPress continues to do with auto-updates has a material impact. The one area that requires considerable attention, however, are the extensible components of the platform such as plugins,” said Sucuri.

“These extensible components are the real attack vectors affecting tens of thousands of sites a year. The primary attack vector abused when infecting WordPress are plugins with known and unknown vulnerabilities. This makes the role of third-party components more significant for this CMS.”

The firm also warned that e-commerce sites like those running on PrestaShop and OpenCart have an obligation under PCI DSS to improve security.

“Attackers have a high interest in targeting e-commerce websites with valuable customer data i.e. credit card and user information,” explained Sucuri. “It’s imperative these website owners update their software to ensure their sites have the latest security enhancements and vulnerability patches.”

The vendor highlighted several security challenges leading to risk exposure, including: backwards compatibility problems; reuse of leaked passwords; cross-site contamination; customised deployments; use of pirated software containing backdoors; and a lack of security knowledge and resources.

In 2018, 68% of all clean-up requests dealt with by the vendor contained at least one hidden PHP-based backdoor.

Infosecurity:       WPBuffs:

You Might Also Read:

Hackers Are Focused On Hijacking Payment Data:

 

 

« Bank of England Testing Banks' Cyber Resilience
The US Navy Is Leaking Secrets »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Hewlett Packard Enterprise (HPE)

Hewlett Packard Enterprise (HPE)

HPE is an information technology company focused on Enterprise networking, Services and Support.

CionSystems

CionSystems

CionSystems provides identity, access and authentication solutions to improve security and streamline IT infrastructure management.

Electric Imp

Electric Imp

Electric Imp offers an innovative and powerful Internet of Things platform that securely connects devices with advanced cloud computing resources.

OpenText

OpenText

OpenText is a leader in Enterprise Information Management software and a portfolio of related solutions for Information Governance, Compliance, Information Security and Privacy.

Cyber Defense Initiative Conference (CDIC)

Cyber Defense Initiative Conference (CDIC)

Cyber Defense Initiative Conference (CDIC) is one of the most distinguished Cybersecurity, Privacy and Information Security Conference in Thailand and Southeast Asia.

VerSprite

VerSprite

VerSprite is a specialist information security consulting firm. We provide organizations with detection across all their attack surfaces and deliver critical insight into all possible attack methods.

Hunters.AI

Hunters.AI

Hunters is the world's first autonomous hunting solution that leverages top-tier cyber expertise and AI to uncover hidden cyber threats.

Ordr

Ordr

Ordr Systems Control Engine. The first actionable AI-based systems control engine for the hyper-connected enterprise. You’re in control.

DCX Technology

DCX Technology

Recognized as a leader in security services, DXC Technology help clients prevent potential attack pathways, reduce cyber risk and improve threat detection and incident response.

US Venture Partners (USVP)

US Venture Partners (USVP)

USVP is a leading Silicon Valley venture capital firm focusing on early-stage start-ups that transform cybersecurity, enterprise software, consumer mobile and e-commerce, and healthcare.

Cutting Edge Technologies (CE Tech)

Cutting Edge Technologies (CE Tech)

CE Tech is a Next Generation Technology Partner providing advanced technology infrastructure solutions through partnerships with leading technology providers.

Open Quantum Safe (OQS)

Open Quantum Safe (OQS)

The Open Quantum Safe (OQS) project is an open-source project that aims to support the development and prototyping of quantum-resistant cryptography.

Cider Security

Cider Security

Cider Security - It’s time to revolutionize the way Security, Dev and DevOps teams work together to supercharge security at the speed of engineering.

D.med Software

D.med Software

D.med Software is a company with a focus on cybersecurity for embedded software and cloud applications for the medical industry.

Ironblocks

Ironblocks

Ironblocks is a pioneering cybersecurity firm that specializes in delivering comprehensive, end-to-end security solutions for the rapidly evolving Web3 ecosystem.

TIM Enterprise

TIM Enterprise

TIM Enterprise offers innovative, sustainable and secure 360-degree digital solutions to companies and public administrations.