According to current reports, WordPress powers more than a third of the internet. And when you consider there are hundreds of millions of live sites today, that statistic becomes really impressive. It’s also a little scary because it means it is more likely that bad actors will tailor hacks and attacks specifically for WordPress, as there are millions of potential sites to compromise.
In fact, 94% of hacked websites we cleaned last year ran on WordPress, a statistic highlighted in the Sucuri 2019 Hacked Website Threat Report. The report looks not only at WordPress security but at the threat landscape as a whole. The next closest CMS was Joomla, at just 2.5%.
That’s not to say the fine folks at Automattic are making an insecure product. Rather, WordPress is so awesome and lets you do so much that the expanded functionality can also present an array of new attack vectors via installations, themes, and plugins.
But first things first. Let’s work on understanding what threats impacted WordPress websites last year, in order to lay the foundation for a secure 2020.
Don’t click that link! SEO spam & WordPress
As in previous years, SEO spam proved to be the most common infection for WordPress. We saw 62% of websites had an SEO spam infection during the cleanup, an increase of over 51.3% compared to the previous year.
<blockquote>Symptoms of an SEO spam infection are content on a website that seems to promote something unrelated to the purpose of the site, often links or banner ads for pharmaceuticals, designer accessories, or online casinos — to name just a few.</blockquote>
While this content is often public-facing and designed to lure away visitors, last year we found SEO spam most often targeted WordPress databases. And in those databases, we found more than one infection, with 12 different ones on average.
Backdoors on WordPress and all other sites
The 15% reinfection rate of SEO spam we saw last year hints at the second most common type of malware — reinfections caused by a backdoor. In fact, we discovered backdoors in about 47% of all hacked sites we cleaned up.
Hackers leave backdoors on websites after the first infection in order to regain access to the site for reinfection. While backdoors were down compared with the number from the prior year (68% in 2018), they remain a threat that needs attention.
Among the backdoors our team found in 2019, uploaders were the most popular at 20%, followed by remote execution via POST requests at 13%, and GET requests and webshells both coming in at 6%.
This article was written by Art Martori and originally published on ManageWP.