Statistics: 90% of WordPress Websites Were Infected In 2018

In the field of technology, hacking has become quite usual, and SEO spam plays a major role in doing so. According to the market share trends, it has been examined that WordPress has got 83 percent shift in CMS infections in 2017 and 90% in 2018. However, the infection rates of Magento, Joomla, and Drupal did not observe such an extent of infections.

CMS Infection Comparision (2017 - 2018)

Image from

There might be a plethora of reasons behind this. Some of which are as follows:

  • Indecorous distribution
  • Unawareness about security information
  • The site maintenance issues
  • Problems in the security configuration
  • Improper session management

Along with this, the outdated versions of the WordPress had been the major role players in causing CMS infections. According to a report from Sucuri, there are 44% of WordPress website are using out-of-date version, and 36.7% of it are infected.

Blacklist Analysissucuri report - blacklist analysis

Then comes the blacklisting process, in which the improper use of the website and flagged content allows the authorities like Google to blacklist the websites. In this, 95% of the traffic of the website get reduced within a short span. Even the majority of the websites get blocked just because they are not apt for the visitors due to spam and phishing.

According to the Blacklist analysis, 17% of websites had been blocked in 2017 and 11% in 2018 by Google. Where Google could capture only 10.4% of all the blacklists, Norton, McAfee, and Yandex grabbed 46.1 %, 40.9% and 15.3% of the blacklists respectively. It is quite evident that Antivirus companies grabbed the top line amongst the blacklist detectors. Where Google or other search engine do the detection process by using bots and crawlers, the antivirus companies have got several ways to do so.

Malware Families

The assessment of the attacker’s tactics, techniques and procedures (TTP) provided by Malware families help us aware about the future malicious threats. The Malware family includes Backdoor, Malware, Spam-SEO, Hacktool, Mailer, Defaced and Phishing as the main members. Knowing this, website developers have detected that there exists at least one PHP-based backdoor hidden in 68% of cleanup requests, which is the most affecting malware for the websites.

sucuri report - malware

Along with this, Malware family distribution is enhanced by 47% in 2017 and 56.4% in 2018 which attack the PHP functioning at a high extent. Not merely that, but SEO spams were the causes behind 51.3% of the cases as well. Over and all, 168 files were cleaned in 2017, but the percentage increased by 73.81% due to which, 292 files were available in 2018 for malware detection. The top files causing the malware functioning were index.php, fuctions.php, and wp-config.php by 34.5%, 13.5%, and 10.6% respectively. The modification of these PHP files by attackers lead the infections most.


Extrapolating the above, it is quite effortless to conclude that website hacking is not going to decrease with the snap of the fingers because the attackers are still trying hard to conquer the field. It is critical for you to select a managed WordPress hosting which provide enough security protection. Or else, you may also secure your WordPress website with daily malware & blacklisting scanning, Unlimited DDOS protection, Website Firewall with Full CDN support powered by Sucuri.

Similar Posts