Sucuri, the security and vulnerability monitoring and prevention company, has released its Q1/2016 report on Web site hacks.
The proliferation of content management systems (CMS) has increased the number of attacks targeting domains and web sites utilizing them.
Sucuri often alerts the community of CMS users about trends in security attacks, and their 2016 report is eye-opening.
If you operate a blog or a business web site running on WordPress, like more than 26% of other web sites, better be worried.
WordPress ranked top among other CMS systems, with 78% in platform distribution during the first quarter of 2016.
Joomla came a far second, with 14%, followed by various other named and unnamed systems.
Is WordPress really this insecure?
According to Sucuri, the numbers indicate that the leading cause of infection could be traced to the exploitation of software vulnerabilities in the platform’s extensible components, not its core:
“Extensible components directly relate to the integration of plugins, extensions, components, modules, templates, themes and other similar integrations.”
In other words, the majority of issues related to WordPress are related to the add-on modules and plugins. You should therefore be very careful about what you install to your basic WordPress set up.
For the full security report by Sucuri, click here.