Sucuri’s 2018 Hacked Website Report
When putting together WordPress Security with Confidence, one of the best sources about actual WordPress site comprises was the Sucuri hacked website report. While a lot of WordPress security content (including my own) is informed by a small number of real and important first-hand exposures to WordPress security issues, in a given year Sucuri has literally thousands.
And while there are great reasons that they may choose not to share any data (competitive advantage, the real human time such a report takes to release for public analysis), I’m grateful to see that they’re keeping up the trend of sharing some of their data with the rest of us.
I also love that they start with the executive summary. I’ll encourage you to click through, but here are a few as teasers:
- There was a notable decrease in the number of updated Joomla! installations at the point of infection.
- The blacklist telemetry showed a 6% reduction in sites being blacklisted. Blacklist authorities only detected 11% of the sites we cleaned as malicious in 2018, which speaks to the importance of proper scanning and detection controls.
- Our malware families analysis showed that SEO spam increased to 51.3% (up from 44% in 2017).