Sucuri’s 2018 Hacked Website Report

When putting together WordPress Security with Confidence, one of the best sources about actual WordPress site comprises was the Sucuri hacked website report. While a lot of WordPress security content (including my own) is informed by a small number of real and important first-hand exposures to WordPress security issues, in a given year Sucuri has literally thousands.

And while there are great reasons that they may choose not to share any data (competitive advantage, the real human time such a report takes to release for public analysis), I’m grateful to see that they’re keeping up the trend of sharing some of their data with the rest of us.

I also love that they start with the executive summary. I’ll encourage you to click through, but here are a few as teasers:


  • There was a notable decrease in the number of updated Joomla! installations at the point of infection.
  • The blacklist telemetry showed a 6% reduction in sites being blacklisted. Blacklist authorities only detected 11% of the sites we cleaned as malicious in 2018, which speaks to the importance of proper scanning and detection controls.
  • Our malware families analysis showed that SEO spam increased to 51.3% (up from 44% in 2017).


Add a Comment

Your email address will not be published. Required fields are marked *