WordPress sites have been attacked more often than all other CMS platforms put together. Imperva research has shown that WordPress sites were attacked 24.1 percent more often. These sites are also subject to far more XSS incidents, up to 60 percent more. The research does say that WordPress suffers fewer attacks but at higher volume. The research is there: WordPress sites are a massive draw for hackers.
Since WordPress is the most used platform in the world for website design, it is likely a victim of its own success. There are 75 million websites using WordPress, and that popularity is why it’s so vulnerable. “We believe that popularity and a hacker’s focus go hand-in-hand,” Imperva said in its report. “When an application or a platform becomes popular, hackers realize that the ROI from hacking into these platforms or applications will be fruitful, so they spend more time researching and exploiting these applications, either to steal data from them, or to use the hacked systems as zombies in a botnet”.
Imperva also discovered that 48.1 percent of the attack campaigns target retail applications. Sites that use a login with consumer-specific information are subjected to 59 percent of WordPress attacks, and a whopping 63 percent of all SQL injection attacks.
Amichai Shulman, chief technology officer at Imperva, said: “Looking at other sources of attacks, we were also interested to find that infrastructure-as-a-service (IaaS) providers are on the rise as attacker infrastructure. For example, 20 percent of all known vulnerability exploitation attempts have originated from Amazon Web Services. They aren’t alone; with this phenomenon on the rise, other IaaS providers have to worry about their servers being compromised. Attackers don’t discriminate when it comes to where a data center lives”.
Ilia Kolochenko, CEO and founder of High-Tech Bridge, said: “For upwards of a decade, the major CMS platforms such as Joomla and WordPress have been deeply researched by both black and white hat hackers (some well-known CMS even changed names during their development). Today it would be fair to say that the vast majority of data breaches are directly or indirectly related to vulnerable web applications and compromised websites”.