Sucuri has just released its 2016 Q2 report on hacked websites based on the analysis of 9,771 infected websites. And it makes for an interesting read, particularly when you consider their final point:
“There is currently a sharp decline in the knowledge required to have a website, which is breeding the wrong mindset with website owners and service providers alike.”
They’re almost going as far as to say that too many hacked websites are the result of their owners, webmasters and hosting companies not doing what they should be doing to keep the website secure.
Which is a worrying thought for most people – is YOUR website in capable hands?
Let’s look at some of the findings from the Sucuri hacked websites report.
1. Which CMS Platforms Were Most Commonly Affected?
The most common hacked websites were those using WordPress (74%) , Joomla (16%) and Magento (8%). This in part is a reflection of the usage of these different platforms – WordPress absolutely dominates the world of website CMS platforms making up 59% of all CMS, then Joomla 6.2% and Magento at 2.8%* – and the more websites there are using a particularly CMS, the more infected sites there are likely to be.
Indeed Sucuri states early on in the report that the data does not imply that WordPress, Joomla or Magento are more or less secure than other platforms – in most cases, the problems seen were little to do the core system, but far more to do with webmaster and hosting mistakes!
2. In-Date or Out-of-Date Software?
Sucuri reviewed whether the CMS being used was fully up-to-date at the point the website was infected, or not. CMS updates and patches are released regularly to ensure the systems work at a high level of security, but unfortunately many webmasters don’t maintain their sites rigorously, and allow them to become out of date.
And as Sucuri so succinctly says, “With enough time, motivation, and resources, attackers will identify and potentially exploit software vulnerabilities.”
Of the 9771 websites examined, Sucuri discovered an amazing:
• 55% WordPress sites were out of date
• 86% Joomla sites were out of date
• 96% Magento sites were out of date
making it easy to see a clear relationship between infected Joomla and Magento websites and webmasters who aren’t maintaining their sites properly.
3. Focus on WordPress
As the world’s most popular CMS, the cause of attacks on WordPress websites was examined in greater depth.
Three out-of-date and vulnerable WordPress plugins were responsible for 22% of all the WordPress compromises, and the frequency of each responsible plugin is shown below:
• Revslider (46%)
• TimThumb (27%)
• Gravity Forms (27%)
Since each of these plugins have had fixes available for more than a year (TimThumb since 2011), Gravity Forms (since December 2014) and RevSlider (publically disclosed in September 2014), the fact that 22% of all the infected WordPress websites were still using at least one of these, is of concern.
Sucuri concludes that the WordPress community still faces a challenge in making website owners and webmasters aware of patches and fixes and encouraging them to keep their websites up-to-date and secure.
The most common malware families responsible for the hacked websites were
• 71% Backdoor (files used to reinfect and retain access)
• 60% Malware (browser-side code used to create drive by downloads)
• 38% SPAM-SEO (compromise that targets a website’s SEO)
• 8% HackTool (exploit or DDOS tools used to attack other sites)
• 7% Mailer (spam generating tools designed to abuse server resources)
• 3% Defaced (hacks that leave a website’s homepage unusable and promoting an unrelated subject)
• 3% Phishing (attackers trick users into sharing sensitive information eg. log in information, credit card data etc)
The worrying thing to note here is that 71% of all infected websites had backdoor attacks which allow the intruders to bypass controls without presenting any external signs of hacking to website visitors. These backdoors are particularly effective as they can’t be detected by most website scanning technologies.
SPAM-SEO hacks were also on the rise – up to 38% in Q2. This is where the sites were infected with spam or redirected web visitors to spam pages such as content about Viagra, casinos, porn etc.
Nobody wants their site to be blacklisted by Google, Norton or McAfee as it can damage the company’s reputation enormously, can adversely affect search rankings and also cause havoc with email systems.
However the research into which infected websites were blacklisted provided some startling statistics: only approximately 18% of the infected websites were blacklisted.
So that means that 82% of the 9,771 websites examined were free to distribute malware!
IN CONCLUSION – A large proportion of hacked websites arise simply because the CMS core system, the plugins, the scripts etc have not been kept up-to-date.
Even if a malware attack doesn’t cause your site to crash, there are several reasons your website visitors will flee when your site is hacked. Furthermore infected sites can get blacklisted by Google – or perhaps even worse – keep on functioning and spreading malware to all your website visitors.
It is impossible to over emphasise how important regular maintenance is to reduce your website’s vulnerabilities and help secure it against attack.
Are you sure that YOUR Website is in capable hands?
WP Support Specialists is a global WordPress support business dedicated to WordPress and WordPress alone! We offer emergency support and regular WordPress maintenance packages. If you want to have a no obligation chat about how we can keep your website secure, please get in contact.