The one constant you’ll find in this report is the issues pertaining to poorly trained website administrators (i.e., webmasters) and their effect on websites.
That’s one of the headlines from the 2016 Q2 Hacked Website Report released recently by Sucuri, a leading website security company that analyzed a total of 9,771 websites for the report.
They found that WordPress was by far the most infected platform; not because it’s insecure, but because it’s simply far and away the most popular. In fact, they stated that “In most instances, the compromises analyzed had little, if anything, to do with the core of the CMS application itself but more with improper deployment, configuration, and overall maintenance by the webmasters and their hosts.”
The number of hacked WordPress sites dropped by 4% between Q1 and Q2 of 2016, while Joomla increased 2.2% and the others remained largely the same.
Sucuri notes that the leading cause of vulnerabilities is “extensible components of the CMS applications”, which for WordPress means themes and plugins. That’s why it’s so important to make sure your site remains up to date and monitored for security issues, which of course is exactly what we do here at Barrel Roll!
Of the hacked sites running WordPress, 55% of them weren’t running the latest security update available for WordPress core. That’s surprising because many hosts now apply those automatically, but it shows you how far we as a community have to go before we get where we need to be. Still, we’re doing a lot better than other CMS hosts!
The top three most-hacked plugins were Revslider, TimThumb, and GravityForms. Patches for these plugins have been released over the years to address critical issues, so it’s telling that there are still so many installations out there that haven’t applied them.
Another interesting bit of data is the distribution of the most common plugins on infected sites. It’s no surprise that Akismet is present in over half of the sites since it comes installed in WordPress by default, but a deeper review shows not one, not two, but three of the top WordPress security plugins installed on compromised sites. We’ve long maintained that the cost in performance and administration time far outweighs the benefit of these plugins and we think this shows that we’re right.
Want to learn more? You can read the report here or download the PDF.