90% of hacked CMS sites in 2018 were powered by WordPress

Report also finds two-thirds of infected sites had a backdoor, while SEO spam surged from 7.3% in 2017 to 51.3%

Security bug

The overwhelming majority of hacked content management system (CMS) websites last year were built using WordPress.

Approximately 90% of hacked CMS sites were powered by the open source content platform throughout 2018, analysis Sucuri has shown. This represents an increase from 83% of hacked CMS sites in 2017, despite WordPress market share remaining at roughly 60% across the last few years.

Websites powered by Magento and Joomla! represented the second and third most hacked CMS platforms last year, at 4.6% and 4.3%. This was followed by Drupal!, ModX, PrestaShop, OpenCart, and others.

Advertisement - Article continues below

The security firm analysed a total of 18,302 infected websites and a total of 4,426,795 cleaned files in its report.

Meanwhile, the leading cause of infections stemmed from vulnerabilities introduced with add-ons like plugins, themes and extensions. They also generally encompassed improper deployment, security configuration issues, and a lack of security knowledge.

Infections that had exploited outdated CMS platforms, meanwhile, accounted for 44% of all instances, against 56% of websites that were deemed up-to-date.

WordPress represented the lowest proportion of infected sites that were powered by an outdated installation, 36.7%. This was a decline from 39.3% last year.

The CMS with the highest proportion, on the other hand, was PrestaShop with 97.2%, followed by OpenCart with 91.3%, and both Magento and Joomla! also registering a score of above 80%.

Advertisement
Advertisement - Article continues below

"This data demonstrates that the work WordPress continues to do with auto-updates has a material impact," the report said.

"The one area that requires considerable attention, however, are the extensible components of the platform (e.g., plugins). These extensible components are the real attack vectors affecting tens of thousands of sites a year.

Advertisement - Article continues below

"The primary attack vector abused when infecting WordPress are plugins with known and unknown vulnerabilities. This makes the role of third-party components more significant for this CMS."

The 2018 analysis also showed two-thirds of sites that made cleanup requests revealed at least one PHP-based backdoor that hidden within the system. Although this was a 3% reduction against last year's figures, it is still the number one leading infection type.

"Backdoors function as the point of entry into a website's environment after a successful compromise and are one of the first things an attacker will deploy to ensure continued access," the report added. "These tools allow an attacker to retain unauthorized access to an environment long after they have successfully infected a website.

"In many instances, we see attackers scanning sites for known backdoors in target hosts, looking to potentially abuse another attacker's backdoor. Backdoors give attackers the opportunity to bypass existing access controls to web server environments and are particularly effective at eluding modern website scanning technologies."

Advertisement - Article continues below

Meanwhile, malware was found in 56.4% of instances, while SEO spam was in 51.3% of sites. Overall there was a significant increase in the general malware family distribution from 47% in 2017 to 56.4% in 2018.

SEO spam campaigns were the fastest growing form of cyber affliction in the previous year, having soared from just 7.3% in 2017.

The researchers found this form of attack is difficult to detect, and most commonly involves search engine poisoning, which involves attempts to abuse site rankings to monetise on affiliate marketing.

IT Pro approached WordPress for comment.

Featured Resources

Staying ahead of the game in the world of data

Create successful marketing campaigns by understanding your customers better

Download now

Remote working 2020: Advantages and challenges

Discover how to overcome remote working challenges

Download now

Keep your data available with snapshot technology

Synology’s solution to your data protection problem

Download now

After the lockdown - reinventing the way your business works

Your guide to ensuring business continuity, no matter the crisis

Download now
Advertisement
Advertisement

Recommended

British teenager charged over Twitter hack
hacking

British teenager charged over Twitter hack

3 Aug 2020
Mid-year report says vulnerabilities up 22% in 2020
hacking

Mid-year report says vulnerabilities up 22% in 2020

30 Jul 2020
BlackRock banking Trojan targets Android apps
trojans

BlackRock banking Trojan targets Android apps

27 Jul 2020
Election officials are vulnerable to phishing attacks, report warns
phishing

Election officials are vulnerable to phishing attacks, report warns

27 Jul 2020

Most Popular

How do you build a great customer experience?
Sponsored

How do you build a great customer experience?

20 Jul 2020
Labour Party donors caught up in Blackbaud data breach
data breaches

Labour Party donors caught up in Blackbaud data breach

31 Jul 2020
Why it’s time to expand beyond 16:9 monitors
Advertisement Feature

Why it’s time to expand beyond 16:9 monitors

21 Jul 2020