WordPress sites are a massive draw for hackers
According to research by Imperva, WordPress websites were attacked 24.1 percent more often than websites running on all other CMS platforms combined.
WordPress websites suffer 60 percent more XSS incidents than all other CMS platforms, and the research found that while WordPress is more likely to suffer fewer numbers of incidents for each attack type, it also suffers a higher traffic volume for each attack type.
Almost 75 million websites work on the WordPress content management system (CMS) and it seems that WordPress might be a victim of its own popularity. "We believe that popularity and a hacker’s focus go hand-in-hand," Imperva said in its report. "When an application or a platform becomes popular, hackers realize that the ROI from hacking into these platforms or applications will be fruitful, so they spend more time researching and exploiting these applications, either to steal data from them, or to use the hacked systems as zombies in a botnet".
The research also found that 48.1 percent of all attack campaigns target retail applications, while websites that have log-in functionality, and hence contain consumer specific information, suffer 59 percent of all attacks, and 63 percent of all SQL Injection attacks.
Amichai Shulman, chief technology officer at Imperva, said: "Looking at other sources of attacks, we were also interested to find that infrastructure-as-a-service (IaaS) providers are on the rise as attacker infrastructure. For example, 20 percent of all known vulnerability exploitation attempts have originated from Amazon Web Services. They aren’t alone; with this phenomenon on the rise, other IaaS providers have to worry about their servers being compromised. Attackers don’t discriminate when it comes to where a data center lives".
Ilia Kolochenko, CEO and founder of High-Tech Bridge, said: "For upwards of a decade, the major CMS platforms such as Joomla and WordPress have been deeply researched by both black and white hat hackers (some well-known CMS even changed names during their development). Today it would be fair to say that the vast majority of data breaches are directly or indirectly related to vulnerable web applications and compromised websites".
Dan Raywood is editor of The IT Security Guru
Published under license from ITProPortal.com, a Net Communities Ltd Publication. All rights reserved.