90% of hacked CMS sites in 2018 were powered by WordPress

Report also finds two-thirds of infected sites had a backdoor, while SEO spam surged from 7.3% in 2017 to 51.3%

The overwhelming majority of hacked content management system (CMS) websites last year were built using WordPress.

Approximately 90% of hacked CMS sites were powered by the open source content platform throughout 2018, analysis Sucuri has shown. This represents an increase from 83% of hacked CMS sites in 2017, despite WordPress market share remaining at roughly 60% across the last few years.

Websites powered by Magento and Joomla! represented the second and third most hacked CMS platforms last year, at 4.6% and 4.3%. This was followed by Drupal!, ModX, PrestaShop, OpenCart, and others.

The security firm analysed a total of 18,302 infected websites and a total of 4,426,795 cleaned files in its report.

Meanwhile, the leading cause of infections stemmed from vulnerabilities introduced with add-ons like plugins, themes and extensions. They also generally encompassed improper deployment, security configuration issues, and a lack of security knowledge.

Infections that had exploited outdated CMS platforms, meanwhile, accounted for 44% of all instances, against 56% of websites that were deemed up-to-date.

WordPress represented the lowest proportion of infected sites that were powered by an outdated installation, 36.7%. This was a decline from 39.3% last year.

The CMS with the highest proportion, on the other hand, was PrestaShop with 97.2%, followed by OpenCart with 91.3%, and both Magento and Joomla! also registering a score of above 80%.

"This data demonstrates that the work WordPress continues to do with auto-updates has a material impact," the report said.

"The one area that requires considerable attention, however, are the extensible components of the platform (e.g., plugins). These extensible components are the real attack vectors affecting tens of thousands of sites a year.

"The primary attack vector abused when infecting WordPress are plugins with known and unknown vulnerabilities. This makes the role of third-party components more significant for this CMS."

The 2018 analysis also showed two-thirds of sites that made cleanup requests revealed at least one PHP-based backdoor that hidden within the system. Although this was a 3% reduction against last year's figures, it is still the number one leading infection type.

"Backdoors function as the point of entry into a website's environment after a successful compromise and are one of the first things an attacker will deploy to ensure continued access," the report added. "These tools allow an attacker to retain unauthorized access to an environment long after they have successfully infected a website.

"In many instances, we see attackers scanning sites for known backdoors in target hosts, looking to potentially abuse another attacker's backdoor. Backdoors give attackers the opportunity to bypass existing access controls to web server environments and are particularly effective at eluding modern website scanning technologies."

Meanwhile, malware was found in 56.4% of instances, while SEO spam was in 51.3% of sites. Overall there was a significant increase in the general malware family distribution from 47% in 2017 to 56.4% in 2018.

SEO spam campaigns were the fastest growing form of cyber affliction in the previous year, having soared from just 7.3% in 2017.

The researchers found this form of attack is difficult to detect, and most commonly involves search engine poisoning, which involves attempts to abuse site rankings to monetise on affiliate marketing.

IT Pro approached WordPress for comment.

Featured Resources

Consumer choice and the payment experience

A software provider's guide to getting, growing, and keeping customers

Download now

Prevent fraud and phishing attacks with DMARC

How to use domain-based message authentication, reporting, and conformance for email security

Download now

Business in the new economy landscape

How we coped with 2020 and looking ahead to a brighter 2021

Download now

How to increase cyber resilience within your organisation

Cyber resilience for dummies

Download now

Recommended

ProtectedBy.AI’s CodeLock blocks malware at source code level
software as a service (SaaS)

ProtectedBy.AI’s CodeLock blocks malware at source code level

9 Jun 2021
Nigerian cyber criminals target Texas unemployment system
cyber security

Nigerian cyber criminals target Texas unemployment system

27 May 2021
CISOs aren’t leading by example when it comes to cyber security
cyber security

CISOs aren’t leading by example when it comes to cyber security

24 May 2021
Hackers use open source Microsoft dev platform to deliver trojans
Security

Hackers use open source Microsoft dev platform to deliver trojans

14 May 2021

Most Popular

How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

16 Jun 2021
What is HTTP error 400 and how do you fix it?
Network & Internet

What is HTTP error 400 and how do you fix it?

16 Jun 2021
EU plans to launch bloc-wide cyber task force
cyber attacks

EU plans to launch bloc-wide cyber task force

22 Jun 2021