Roughly ninety percent (90%) of all the hacked website content management systems ('CMS') that Sucuri investigated and helped fix in 2018 were WordPress sites. In a distant second, third, and fourth came Magento (4.6%), Joomla (4.3%), and Drupal (3.7%). Sucuri experts blamed most of the website hacks on vulnerabilities in plugins and themes, misconfiguration issues, and a lack of maintenance by webmasters who often forgot to perform critical updates.
Experts said that only fifty-six percent (56%) of the sites they investigated were running an up-to-date CMS at the time they were called in to remediate a hack. While ninety percent (90%) of all hacked websites were WordPress, most were running up-to-date versions. Only thirty-six percent (36%) of hacked WordPress websites investigated were running an outdated version.
WordPress and makers of its popular search-engine optimization ('SEO') plugin Yoast, admit to having a history of being hacked monthly, stating: "For a while, Yoast use to get hacked every month. Of course we were a high profile target so people were targeting us. We knew..." - Joost De Valk
Absolutely No WordPress Code, Ever!
The Marketing.Legal website platform has absolutely zero reliances upon any WordPress code or any of the other open-source website platforms, plugins, or themes that are regular targets of attack. Marketing.Legal uses an entirely proprietary website content management platform.
Information source: //www.zdnet.com/article/wordpress-accounted-for-90-percent-of-all-hacked-cms-sites-in-2018/ Adapted for educational purposes. Percentages as mentioned are subject to some rounding.