90% of hacked CMS sites in 2018 were powered by WordPress

Report also finds two-thirds of infected sites had a backdoor, while SEO spam surged from 7.3% in 2017 to 51.3%

The overwhelming majority of hacked content management system (CMS) websites last year were built using WordPress.

Approximately 90% of hacked CMS sites were powered by the open source content platform throughout 2018, analysis Sucuri has shown. This represents an increase from 83% of hacked CMS sites in 2017, despite WordPress market share remaining at roughly 60% across the last few years.

Websites powered by Magento and Joomla! represented the second and third most hacked CMS platforms last year, at 4.6% and 4.3%. This was followed by Drupal!, ModX, PrestaShop, OpenCart, and others.

The security firm analysed a total of 18,302 infected websites and a total of 4,426,795 cleaned files in its report.

Meanwhile, the leading cause of infections stemmed from vulnerabilities introduced with add-ons like plugins, themes and extensions. They also generally encompassed improper deployment, security configuration issues, and a lack of security knowledge.

Infections that had exploited outdated CMS platforms, meanwhile, accounted for 44% of all instances, against 56% of websites that were deemed up-to-date.

WordPress represented the lowest proportion of infected sites that were powered by an outdated installation, 36.7%. This was a decline from 39.3% last year.

The CMS with the highest proportion, on the other hand, was PrestaShop with 97.2%, followed by OpenCart with 91.3%, and both Magento and Joomla! also registering a score of above 80%.

"This data demonstrates that the work WordPress continues to do with auto-updates has a material impact," the report said.

"The one area that requires considerable attention, however, are the extensible components of the platform (e.g., plugins). These extensible components are the real attack vectors affecting tens of thousands of sites a year.

"The primary attack vector abused when infecting WordPress are plugins with known and unknown vulnerabilities. This makes the role of third-party components more significant for this CMS."

The 2018 analysis also showed two-thirds of sites that made cleanup requests revealed at least one PHP-based backdoor that hidden within the system. Although this was a 3% reduction against last year's figures, it is still the number one leading infection type.

"Backdoors function as the point of entry into a website's environment after a successful compromise and are one of the first things an attacker will deploy to ensure continued access," the report added. "These tools allow an attacker to retain unauthorized access to an environment long after they have successfully infected a website.

"In many instances, we see attackers scanning sites for known backdoors in target hosts, looking to potentially abuse another attacker's backdoor. Backdoors give attackers the opportunity to bypass existing access controls to web server environments and are particularly effective at eluding modern website scanning technologies."

Meanwhile, malware was found in 56.4% of instances, while SEO spam was in 51.3% of sites. Overall there was a significant increase in the general malware family distribution from 47% in 2017 to 56.4% in 2018.

SEO spam campaigns were the fastest growing form of cyber affliction in the previous year, having soared from just 7.3% in 2017.

The researchers found this form of attack is difficult to detect, and most commonly involves search engine poisoning, which involves attempts to abuse site rankings to monetise on affiliate marketing.

IT Pro approached WordPress for comment.

Featured Resources

The ultimate guide to business connectivity in field services

A roadmap to increased workplace efficiency

Free download

The definitive guide to migrating to the cloud

Migrate apps to the public cloud with multi-cloud infrastructure solutions

Free download

Transform your network with advanced load balancing from VMware

How to modernise load balancing to enable digital transformation

Free download

How to secure workloads in hybrid clouds

Cloud workload protection

Free download

Recommended

Senate report slams agencies for poor cyber security
cyber security

Senate report slams agencies for poor cyber security

3 Aug 2021
Most employees put their workplace at risk by taking cyber security shortcuts
cyber security

Most employees put their workplace at risk by taking cyber security shortcuts

27 Jul 2021
61% of organizations say improving security a top priority for 2021
cyber security

61% of organizations say improving security a top priority for 2021

29 Jun 2021
ProtectedBy.AI’s CodeLock blocks malware at source code level
software as a service (SaaS)

ProtectedBy.AI’s CodeLock blocks malware at source code level

9 Jun 2021

Most Popular

How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

17 Sep 2021
What are the pros and cons of AI?
machine learning

What are the pros and cons of AI?

8 Sep 2021
Best MDM solutions 2020
mobile device management (MDM)

Best MDM solutions 2020

17 Sep 2021