Roughly ninety percent (90%) of all the hacked website content management systems ('CMS') that were investigated were WordPress websites. In a distant second and third, came Joomla (4.3%), and Drupal (3.7%). Experts blamed most of the website hacks on vulnerabilities in plugins and themes, misconfiguration issues, and a lack of maintenance by webmasters who often forgot to perform critical updates.
Experts said that only fifty-six percent (56%) of the websites they investigated were running an up-to-date CMS at the time they were called in to remediate a hack. While ninety percent (90%) of all hacked websites were WordPress, most were running up-to-date versions. Only thirty-six percent (36%) of hacked WordPress websites investigated were running an outdated version.
WordPress and makers of its popular search-engine optimization ('SEO') plugin Yoast, admit to having a history of being hacked monthly, stating: “For a while, Yoast use to get hacked every month. Of course we were a high profile target so people were targeting us. We knew...” - Joost De Valk
Absolutely No WordPress Code, Ever.
The Marketing.Legal website platform and Success.Legal professional network, respectively, have zero reliances upon any WordPress code or any of the other open-source website platforms, plugins, or themes that are regular targets of attack. The Marketing.Legal platform and Success.Legal network use an entirely proprietary web-application as their foundation, and which drives their respective content management platforms.
Information source: //www.zdnet.com/article/wordpress-accounted-for-90-percent-of-all-hacked-cms-sites-in-2018/ Adapted for educational purposes. Percentages as mentioned are subject to some rounding.