Imperva WAAR Report 2015: WordPress attacks highest of all CMS’s

Security attacks on websites and blogs are higher than ever before. According to Imperva’s new Web Application Attacks Report, Content Management Systems (CMS’s) were attacked three times more often than other Web applications. The data security firm confirmed that WordPress has unfortunately been a victim 3.5 times more often than the others.

It comes as no surprise that WordPress is the most attacked CMS. Not only is it the most popular service, but new data from W3Techs, which measures both usage and market share, reported last week that WordPress accounts for a quarter of the web. They said, “WordPress is used by 58.7% of all the websites whose content management system we know. This is 25.0% of all websites.”

As 2015 draws to a close, WordPress has taken a real beating this year with an increase in brute-force attacks. Hackers and malware are doing a lot of damage by taking advantage of vulnerabilities caused by weaknesses in the 30,000+ plugins on WordPress.

Imperva’s report said, “CMS frameworks are mostly open source, with communities of developers continuously generating sequences of plugins and add-ons, without concerted focus towards security. This developer model constantly increases the vulnerabilities in CMS applications, especially for WordPress which is also PHP based.”

Non-CMS applications were less susceptible to remote command execution (RCE) attacks than CMS’s, according to the report’s findings. Furthermore, the report found that WordPress is five times likelier than other CMS’s to be hit by remote file inclusion (RFI) attacks.

Some of the trends in Imperva’s annual report continued from last year’s report, such as increased SQL Injection (SQLi) and Cross-Site Scripting (XSS) attacks and more attacks on WordPress. A newcomer this year is the mega trend of Shellshock Remote Code Execution (RCE) attacks, which scan web applications on an equal basis.

The report said, “We conclude that the increasing availability of web attack tools and services — with computational power becoming less expensive and ubiquitous — are driving the new wave of volumetric malicious attacks. The evolution of attacks against web applications has continued with increased sophistication, magnitude, and velocity. However, there is hope thanks to the growing effectiveness of reputation-based detection mechanisms, and their ability to identify attacks by tracking previously identified malicious activity to its origins.”