Recently I came across a report that focused on Hacked website trends in 2017 put out by Sucuri, a third party website security firm. The report looked at just over 34,000 websites that were hacked in 2017 and groups them by the CMS (Content Management System) used to review trends.
There are a few key call outs worth mentioning about this report:
- The top 4 CMS’s found were WordPress, Joomla, Magento and Drupal
- WordPress was by far the worst offender when it came to infected websites and saw the biggest increase in 2017
- An Outdated CMS were one of the key reasons behind security vulnerabilities leading to an infected site
- The top 3 infected modified files post hack were index.php (28%), .htaccess (10%) and functions.php (9%)
The one thing I found interesting is that so many sites are outdated regardless of the platform and this report makes mention of the fact that it comes down to highly customized deployments, issues with being backwards compatible and a lack of skilled resources to assist with migrations to newer CMS versions. Basically website owners face issues with hacking the more customized or the more skilled resource needed to complete a migration to a newer CMS. If you’d like a closer look at the report you can get a copy from Sucuri here.