Web Content Management

2018: List of most frequently hacked CMS

In March 2019, Sucuri, an information security research company, ranked the most often hacked content management systems (CMS). About 90% of attacks in 2018 were in WordPress against 83% a year earlier. The hacking rates of other CMS are shown in the diagram below.

According to Sucuri, most CMS hacks are not due to vulnerabilities in the systems themselves, but due to their incorrect configuration. In addition, vulnerabilities in topics, plugins, and other components that are slowly updated by webmasters cause problems. So, the study showed that only 56% of the reviewed websites worked with current versions of the software.

The most frequent hacked CMS in 2018, Sucuri data

In cases with PrestaShop, OpenCart, Joomla and Magento, most hacked sites worked with outdated versions of content control systems. Although 90% of hacks were in WordPress, many affected sites worked on the most recent software: only 36% of the resources studied used outdated versions.

This trend, associated with outdated versions, corresponds to the notoriety of e-commerce sites, which are in no hurry to update in order to prevent the disabling of working functions and not lose money. This is used by attackers who attack online stores that store valuable customer data (for example, credit card information and personal data of users), the Sucuri report says.

According to analysts, in 68% of hacked sites, hackers implement bookmarks, in 56% - place malware for further attacks, in 51% - use SEO spam, which is used to promote the resources of cybercriminals. Attackers post spam content on hacked sites or redirect users to certain pages.^[1]

2016: Sucuri (the most hacked CMS)

Succuri, a web security company, published a report for the third quarter of 2016 on the company's most hacked CMSexperts ^[2] According to the results of the analysis, 7937 sites were compromised during the reporting period. Most often, attackers successfully hacked sites run by WordPress, Joomla and Magento CMS.

According to the report, 74% of compromised sites operated by WordPress, 17% operated by Joomla and 6% operated by Magento.

Sucuri named the TOP 3 most hacked CMS. According to Sucuri, most of the sites were compromised due to the fact that administrators did not install security patches in time.

However, in the case of WordPress, many problems were caused with the security of plugins, and not the CMS itself. About 18% of sites managed by WordPress were hacked through vulnerable versions of plugins RevSlider, TimThumb and GravityForms.

In 72% of cases, attackers installed a backdoor on a compromised system. In 15% of cases, after compromising, sites were marked as malicious by search engines.

2012: Gartner

Analysis company Gartner published in the fall of 2012 the annual consolidated report of vendors of WCM-solutions in the world. It has remained virtually unchanged since 2011, keeping two "top" vendors - Microsoft and IBM in "test" positions.

According to the results of the "magic quadrant" of the WCM systems compiled by Gartner according to the data for the third quarter of 2012, the market leaders are vendors Oracle, Adobe, SDL, Sitecore, OpenText, HP (Autonomy) and Ektron, while the latter company is new to the list, because last year it was in the position of "visionaries" and. " In this position, analysts left IBM and Microsoft unchanged, while shaking the rest of the "quadrant," introducing one new player into the "niche" segment and removing the other two due to mergers and acquisitions and a serious decrease in revenue.

As explained in the research methodology, Gartner now focuses on the functionality of mobile web solutions, both in terms of compatibility and in the context of organizing an employee's workplace. According to the company, IBM is trying to balance between providing user convenience and easily implementing its Web Content Manager, WebSphere Portal, Forms and Web Experience Factory products, but with varying success - customers rarely recall Web Content Manager due to the high cost, complexity of implementation and functionality. For Microsoft SharePoint, the situation turns out, according to Gartner, so that customers who want to use the product for external communications and work scenarios do not find them and turn to competing solutions. In addition, Microsoft has not achieved a significant cheaper product in the new licensing policy, nor does it have sufficient interoperability between third-party solutions.