Content Management Systems (CMS) websites were investigated by Sucuri and some of them were fixed with their help. These websites had suffered a breach in their security and needed immediate attention. Once the repairs and maintenance were done, Sucuri then investigated what the causes could be and, in their report, it was seen that around 90 percent of the hacked websites had been WordPress websites. Sucuri relates that most of these hacks are probably due to many websites running outdated themes or plugins that had grown unstable and easy to probe for vulnerabilities.
However, of all the websites investigated only around just above half of the affected sites had been running an updated CMS at the time, many others had grown stagnant and old and when it came to the exposed wordpress websites, it had turned out that those websites were running up-to-date versions unlike other CMSs such as Magento and OpenCart. Of those Content Management Systems, most of the hacked websites were running old versions that were easier to breach than the current models. This stresses the importance of keeping your website updated if you’re using a CMS.
E-commerce sites often struggle the most when it comes to updating themselves. When updating to a new version, they must ensure that their own functionality is not affected and the processing for transactions remain unaffected even after an update, which is difficult to do when you have such a dynamic website to manage unlike many other static sites where content doesn’t change often or there isn’t a lot of server-user interaction. E-commerce sites might hold credit card credentials as well, making them an attractive target for hackers and it is these websites of whom the owners need to be most sure of their security to prevent a breach in confidentiality.
But even with many websites running outdated versions of their own CMS, Sucuri experts still relate the cause of many of the hacks to be component vulnerabilities. When a hack happens, hackers leave backdoors from which they can gain control of the website again and then use these websites as a source for other vices like for the hosting of malware. This means that anyone using the website exposes themselves to a virus infection where the security of their own personal system and their own integrity will be at risk and thanks to this being hosted on a website with a backdoor, the hacker will be able to do this without facing the consequences.
SEO spam has become particularly notorious lately. It’s difficult to detect and can lead to many blackhat tactics for affiliate marketing. Attackers sometimes try to abuse site rankings such that they can monetize on them. Sucuri had a lot of trouble in cleaning up many of the websites and until the damage was repaired, there were many victims who had the misfortune of accessing the hacked website while the hackers had control over most of them.