WordPress accounted for 90 percent of all hacked CMS sites in 2018

guest · Mar 5, 2019

WordPress accounted for 90 percent of all hacked CMS sites in 2018
Backdoors found on two-thirds of all hacked sites, SEO spam on half
March 5, 2019
https://www.zdnet.com/article/wordpress-accounted-for-90-percent-of-all-hacked-cms-sites-in-2018/

Roughly 90 percent of all the hacked content management systems (CMSs) Sucuri investigated and helped fix in 2018 were WordPress sites. In a distant second, third, and fourth came Magento (4.6 percent), Joomla (4.3 percent), and Drupal (3.7 percent), according to a report the company published yesterday.

Sucuri experts blamed most of the hacks on vulnerabilities in plugins and themes, misconfiguration issues, and a lack of maintenance by webmasters, who often forgot to update their CMS, themes, and plugins.
SEO SPAM IS ON THE RISE
"Most frequently, the result of Search Engine Poisoning (SEP) attacks, where attackers attempt to abuse site rankings to monetize on affiliate marketing or other blackhat tactics, SEO spam typically occurs via PHP, database injections, or .htaccess redirects.
Click to expand...

Website Hack Trend Report 2018 (PDF - 1.49 MB): https://sucuri.net/reports/19-sucuri-2018-hacked-report.pdf

mirimir · Mar 5, 2019

So this is a surprise?

guest · Jun 25, 2019

13 Reasons Why WordPress Hacks are Successful
June 25, 2019
https://www.tripwire.com/state-of-s...ection/13-reasons-wordpress-hacks-successful/

For the most part, WordPress hacks can be rather complicated, and if you don’t have a backup, a hacked site will make an adult wail like a baby.
13 WordPress Worst Security Practices
WordPress hacks happen all the time. Keeping your WordPress site safe from cybercriminals requires that you avoid plummeting into the froth of WordPress worst security practices. When a WordPress site broadcasts worst security practices, you can rest assured — the bad guys will always line up to listen.

WordPress worst security practices include: [...]
Though the above list is not comprehensive — on the positive side, it provides a baseline to build upon. To clarify, moving away from WordPress worst security practices can improve your security posture. Furthermore, if you shift to security best practices, you can dumb down the listening prowess of the bad guys.
Click to expand...

Minimal or no WordPress maintenance (not updating core, plugin, and themes).

Not backing up the database and files.

Lack of malware checks, security scans, security plugins (or services) and security monitoring.

Failure to limit login attempts.

Failure to use sitewide SSL.

The use of weak passwords.

Using the default user admin account instead of using a custom name.

Adding too many admins (use caution when giving user privileges).

Not using two-factor authentication (2FA).

Using plugins and themes from untrustworthy sources.

Failure to use the latest PHP version.

Failure to use a firewall.

Using “cheap” low quality or shared hosting.

Log in or Sign up

WordPress accounted for 90 percent of all hacked CMS sites in 2018

guest Guest

mirimir Registered Member

guest Guest

Log in or Sign up

WordPress accounted for 90 percent of all hacked CMS sites in 2018

guest Guest

mirimir Registered Member

guest Guest

Useful Searches