A recent attack report collected by Imperva has implicated WordPress as the content management system most vulnerable to attacks, statistically speaking. According to the web security company, the number of WordPress sites attacked is with twenty-four percent higher than the overall number of websites using different content management systems combined.
WordPress has also been found to be sixty percent more vulnerable to cross-site scripting incidents than the other content management systems combined. This combination of attacks and vulnerabilities indicates that WordPress is in need of additional safety features for users.
An additional element of the report shows that just under half of all of the attack campaigns that it found targeted retail applications and websites. Financial institutions came in second, with a significantly lower ten percent share of the total number of attacks.
Imperva’s report came as a result of an Application Defense Center analysis that provided statistical information about attacks from a series of 99 applications under the protection of Imperva’s Web Application Firewalls between the dates of August 1st, 2013 and April 30, 2014.
The most commonly attacked sites are those that require logging in, since the presence of a user login implies that the website contains specific consumer information. These types of WordPress sites suffered fifty nine percent of all attacks, and sixty three percent of the SQL Injection attacks.
While a great number of attacks originate in other countries, mostly US hosts are used to attack these websites because of the fact that those hosts are geographically closer to the targets they want to access. It has even been found that Infrastructure-as-a-service providers are regularly used to host attacks.
Amazon Web Services has repeatedly come up as the origin of twenty percent of known vulnerability exploitation attempts in the report, and other IaaS providers will have to worry about their servers being compromised as well.