“WordPress infections rose from 83% in 2017 to 90% in 2018.”

It’s not a typo, that is really correct. Queue frantic emails to IT departments and marketing teams as organisations check to see what platform their website is currently on. This topic isn’t new to us as we have been building websites in Perth for years and know that security, especially with government websites, intranets and portals, is crucial.

A report just released by GoDaddy Security / Sucuri brings up some serious discussion points as organisations look for affordable web design and may not be aware of exactly what they are receiving from their chosen CMS. The report provides some insights into the latest trends tactics, techniques, and procedures seen on websites that Sucuri provided services for in 2018. They conducted a CMS Security Analysis on the infected websites, comparing them by the platforms used and the results are quite fascinating.

19-sucuri-2018-hacked-report-infected-website-platform.png

[Source Sucuri]

CMS infections were compared between popular platforms such as WordPress, Magento, Joomla! and Drupal. A total of 25,466 infected websites and 4,426,795 cleaned files were analysed in the making of the report.

Make sure you have the latest CMS version

With the launch of Kentico version 12, our clients have been benefitting from some handy new features not to mention the highly secure platform itself. In the report from Sucuri it was found that of the sites they investigated 56% were outdated at the time of being hacked.

19-sucuri-2018-hacked-report-outdated-updated-cms.png

The rest of the data also speaks for itself showing the correlation between an outdated CMS and infection. E-commerce sites were especially vulnerable with many choosing, “to avoid updates to avoid breaking functionality and losing money.”

Keeping modules, plugins or themes updated

It seemed to be a trend that threats to CMS’ had been from vulnerabilities introduced by add-on modules, plugins, themes and extensions. Even more alarming were some of the common causes found by Sucuri for issues including poor deployment, security configuration issues, lack of security knowledge and resources, poor site maintenance by webmasters, broken authentication and session management. Our team has 3 certified Kentico developers so we can constantly support our clients with the highest standards and industry leading techniques, avoiding these kinds of issues.


The report also highlighted that, “51.3% of all infection cases in 2018 were related to SEO spam campaigns,” and, “68% of all cleanup requests revealed at least one PHP-based backdoor hidden within the site.” Most of us may not fully comprehend what all the data means, but we can agree the idea of getting blacklisted by Google sounds bad.

How to protect yourself

It has never been more important to partner with companies who can help navigate the ever changing technological world. If you have concerns with how your Perth website has been built, maintained or are need some support to continue your digital transformation, get in touch with our team for a free consultation.