Imperva Report: WordPress Is The Most Attacked CMS

WordPress is the most vulnerable CMS to cyber attacks, according to a report by Imperva, a data security firm. 

The Imperva Web Application Attack Report (WAAR) – an annual report now published for the fifth time – was recently released via the Imperva blog. Amongst a long list of findings, it turns out that websites running on WordPress are attacked 24% more than those running on all other content management systems combined.

Here's a closer look at the report.

WordPress In Hacker Crosshairs

In section 2.2.2 of the Imperva report, WordPress was identified as having suffered 60% more Cross Site Scripting incidents than all other CMS-running websites combined.

Other key findings include an increase of 10% in SQL Injection attacks, while retail websites were targeted by 48.1% of all attack campaigns. 

The most alarming find though, that WordPress is attacked 24% more than all other CMS combined, comes in the form of a graph within the report. The graph pits WordPress against, “the other popular CMS systems”.

Notably however, the other popular CMS were not named. 

Why WordPress in particular though? Imperva weigh in with this insight:

“When an application or a platform becomes popular, hackers realize that the ROI from hacking into these platforms or applications will be fruitful, so they spend more time researching and exploiting these applications, either to steal data from them, or to use the hacked systems as zombies in a botnet.”

A question I personally have about the report, is wether the sheer amount of live WordPress websites compared to any other CMS had any impact on the findings. Is WordPress hacked more often simply because it exists more abundantly, or because it is the most vulnerable CMS on the market?

I'd be inclined to the former conclusion.

To read the blog announcement of this report, click here. Otherwise, you can download the report for yourself