90% of hacked CMS sites in 2018 were powered by WordPress

Report also finds two-thirds of infected sites had a backdoor, while SEO spam surged from 7.3% in 2017 to 51.3%

The overwhelming majority of hacked content management system (CMS) websites last year were built using WordPress.

Approximately 90% of hacked CMS sites were powered by the open source content platform throughout 2018, analysis Sucuri has shown. This represents an increase from 83% of hacked CMS sites in 2017, despite WordPress market share remaining at roughly 60% across the last few years.

Websites powered by Magento and Joomla! represented the second and third most hacked CMS platforms last year, at 4.6% and 4.3%. This was followed by Drupal!, ModX, PrestaShop, OpenCart, and others.

The security firm analysed a total of 18,302 infected websites and a total of 4,426,795 cleaned files in its report.

Meanwhile, the leading cause of infections stemmed from vulnerabilities introduced with add-ons like plugins, themes and extensions. They also generally encompassed improper deployment, security configuration issues, and a lack of security knowledge.

Infections that had exploited outdated CMS platforms, meanwhile, accounted for 44% of all instances, against 56% of websites that were deemed up-to-date.

WordPress represented the lowest proportion of infected sites that were powered by an outdated installation, 36.7%. This was a decline from 39.3% last year.

The CMS with the highest proportion, on the other hand, was PrestaShop with 97.2%, followed by OpenCart with 91.3%, and both Magento and Joomla! also registering a score of above 80%.

"This data demonstrates that the work WordPress continues to do with auto-updates has a material impact," the report said.

"The one area that requires considerable attention, however, are the extensible components of the platform (e.g., plugins). These extensible components are the real attack vectors affecting tens of thousands of sites a year.

"The primary attack vector abused when infecting WordPress are plugins with known and unknown vulnerabilities. This makes the role of third-party components more significant for this CMS."

The 2018 analysis also showed two-thirds of sites that made cleanup requests revealed at least one PHP-based backdoor that hidden within the system. Although this was a 3% reduction against last year's figures, it is still the number one leading infection type.

"Backdoors function as the point of entry into a website's environment after a successful compromise and are one of the first things an attacker will deploy to ensure continued access," the report added. "These tools allow an attacker to retain unauthorized access to an environment long after they have successfully infected a website.

"In many instances, we see attackers scanning sites for known backdoors in target hosts, looking to potentially abuse another attacker's backdoor. Backdoors give attackers the opportunity to bypass existing access controls to web server environments and are particularly effective at eluding modern website scanning technologies."

Meanwhile, malware was found in 56.4% of instances, while SEO spam was in 51.3% of sites. Overall there was a significant increase in the general malware family distribution from 47% in 2017 to 56.4% in 2018.

SEO spam campaigns were the fastest growing form of cyber affliction in the previous year, having soared from just 7.3% in 2017.

The researchers found this form of attack is difficult to detect, and most commonly involves search engine poisoning, which involves attempts to abuse site rankings to monetise on affiliate marketing.

IT Pro approached WordPress for comment.

Featured Resources

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

Download now

Security best practices for PostgreSQL

Securing data with PostgreSQL

Download now

Transform your MSP business into a money-making machine

Benefits and challenges of a recurring revenue model

Download now

The care and feeding of cloud

How to support cloud infrastructure post-migration

Watch now

Recommended

Hackers leak data from dark web marketplace
cyber security

Hackers leak data from dark web marketplace

9 Apr 2021
How to encrypt files and folders in Windows 10
encryption

How to encrypt files and folders in Windows 10

9 Apr 2021
The definitive guide to IT security
Whitepaper

The definitive guide to IT security

9 Apr 2021
Evidence suggests REvil behind Harris Federation ransomware attack
ransomware

Evidence suggests REvil behind Harris Federation ransomware attack

9 Apr 2021

Most Popular

Microsoft is submerging servers in boiling liquid to prevent Teams outages
data centres

Microsoft is submerging servers in boiling liquid to prevent Teams outages

7 Apr 2021
Data belonging to 500 million LinkedIn users found for sale on hacker marketplace
hacking

Data belonging to 500 million LinkedIn users found for sale on hacker marketplace

8 Apr 2021
How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

8 Apr 2021