WordPress accounted for 90 percent of hacked CMS sites in 2018

90% of hacked CMS sites in 2018 are WordPress sites

According to a report by Sucuri, 90% of the hacked content management systems (CMSs) they had investigated and helped fix in 2018 were WordPress sites. Magento, Joomla and Drupal came a distant second, third and fourth at a little more than 4% each.

They attributed it to weak plugins and themes, outdated plugins, themes and CMS, and disorganization. In fact, only 56%of the sites they had to remediate hacks from had an updated CMS.

Also, it’s important to mention that most of the hacked sites had backdoors or SEO spam and websites that were infected by SEO attacks got injections of different content placeholders from industries such as pharmaceutical, fashion, different financial loans and etc.

Infected websites platform distribution for 2018
Infected websites platform distribution for 2018

Ecommerce sites not updated for latest vulnerabilities

While only 36% of the hacked WordPress sites were up to date, the other ecommerce CMSs like OpenCart, Joomla and Magento were not updated. According to Sucuri, it’s because ecommerce sites far that an update would interrupt their functionality and working.

Sucuri however advises ecommerce website owners to update their software with the latest safety features. It’s because attackers prefer hacking ecommerce websites because of the valuable data like credit card information available here.

Sucuri also states that along with outdated CMS versions, weak components were another important reason for increased hacking.

Even more SEO spam

Sucuri also said that hackers used mostly backdoors and stored malware for other operations in 56% of hacked sites. They even released SEO spam pages on about 51% of the hacked sites, 7% more than last year.

According to Sucuri, SEO spam is growing quickly, is difficult to detect and is backed by impression-based affiliate marketing. SEO spams generally occur through PHP, .htaccess redirects or database injections where attackers use blackhat tactics like abusing site rankings to monetize on affiliate marketing.

The attacked websites either contain spam or injected content for other industries like fashion or entertainment like pornography and online gambling. Some sites even redirect visitors to spam pages with unnecessary content like pharmaceutical ad placements.

Annual trends for top 3 malware signatures for 2018
Annual trends for top 3 malware signatures for 2018
Johnny McKinsey
Follow me

Leave a Comment