16,000 WordPress Sites Have Been Hacked

Forum Moderators: rogerd & travelin cat

Message Too Old, No Replies

16,000 WordPress Sites Have Been Hacked

according to the 2016 Sucuri report

bill

3:51 am on Sep 28, 2016 (gmt 0)

16,000 WordPress Sites Have Been Hacked [infosecurity-magazine.com]

At least 15,769 WordPress websites have been compromised so far this year by cyber-attackers, and most are serving up malware, unflagged by Google's Safe Browsing checks.

WordPress is a popular target because the majority of the web uses it to manage and publish their content. That’s according to the 2016 Sucuri report [sucuri.net] on compromised web properties, which noted that out of 21,821 sites studied, the majority of them (78%) are using WordPress.

WordPress continues to lead the number of infected websites as well, at 74%.

This is one of the reasons I have stayed clear of WordPress as a CMS.

keyplyr

4:05 am on Sep 28, 2016 (gmt 0)

Not surprising, sorry to say, but that number seems low given the amount of vulnerability probes for WP files I get each and every day even though I don't use WP.

Site owners who use WP (or other CMS) typically may not be programmers or diligent keeping track of their server activity. Compromised actions may go unnoticed, spreading further infections.

martinibuster

4:40 am on Sep 28, 2016 (gmt 0)

Updates need to be automated or at least, a site owner must get a nag screen asking if they wish to automate their updates.

not2easy

5:50 am on Sep 28, 2016 (gmt 0)

WP has a lot of novice users, people who don't learn things a step at a time and just jump on whatever plugins they see to make it "better". Many don't know how to back up files or check their logs or any of the precautions for file permissions that they could use. Given the number of WP installations there are online, several thousand hacked sites so far this year is not a surprise sorry to say.

topr8

7:43 am on Sep 28, 2016 (gmt 0)

agree with all the above ...

a lot of users don't even know that there could be security issues with using wordpress plugins (or indeed other off the shelf 'websites') ... they just think things work and all is good without having to have any knowledge... this will never change thus martinibuster is completely right, updates need to be automatic (maybe advanced users could opt out for whatever reason)