There are over one billion websites on the internet, and one third of these websites are created using one of the following four platforms: WordPress, Joomla!, Drupal, and Magento. WordPress has over 60% market share, making this content management system the most popular open source platform both for day-to-day use and as a target for malware attacks. Sucuri published its quarterly Website Hacked Report 2016 – Q1 with a lot of interesting data, particularly analyzing open-source CMS applications and malware families and their effects. The report is based on data collected and analyzed by the Sucuri Remediation Group; it analyzes over 11k infected websites and shares statistics on them.
One of the most important findings of this report, in our opinion, is that in most instances the compromises analyzed had little, if anything, to do with the core of the CMS application itself, and more to do with improper deployment, configuration, and overall maintenance by the webmasters and their hosts.
According to the report, 56% of WordPress installations are using outdated versions, which is a lot better in comparison to Joomla! (84%), Magento (96%), and Drupal (81%).
For all of these platforms, the cause of compromise by malware is vulnerabilities found in out-of-date plugins, extensions, and additional components, which need to be maintained as well. For example, in the case of WordPress, 25% of the compromised sites were due to outdated RevSlider, Gravity Forms, and TimThumb plugins, despite the fact that patch updates for the issues in these plugins had been available for over a year.
Sign up for our monthly support service so that your site is upgraded and backed up on a regular basis.
Read the full Website Hacked Report 2016 – Q1 here.