According to the latest data from the IBM X-Force team, the reasons that WordPress sites are so open to attack are not exactly rocket science.
The WordPress platform pretty much dominates the content management system (CMS) driven web development market. The latest figures suggest it has a 60 percent share.
Cyber-criminals looking to host malicious content are drawn to legitimate sites, especially those that have been established for a while. WordPress often provides the entry point or, more accurately, vulnerable and unpatched plugins do.
There have, according to IBM X-Force, been 238 releases of WordPress since May 2003, many of which addressed security issues. Yet five percent of sites had not updated to the latest version, even though vulnerabilities in previous versions were being exploited in the wild. Although WordPress ships with an automatic core update facility enabled by default, site developers often turn it off, worried that it could affect custom plugins and designs.
X-Force found that 68 percent of compromised hosts ran WordPress versions less than six months old, but only 40 percent ran a version less than 30 days old.
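A site owner can check whether the automatic core update facility mentioned above has been switched off by auditing `wp-config.php`. The script below is an added example, not part of the original article or of IBM X-Force's work; it looks for the WordPress constants `WP_AUTO_UPDATE_CORE` and `AUTOMATIC_UPDATER_DISABLED`, and the function names and sample file contents are constructed for illustration.

```python
import re

# Matches define('NAME', value); with either quote style around the name.
DEFINE_RE = re.compile(
    r"""define\s*\(\s*['"](?P<name>\w+)['"]\s*,\s*(?P<value>[^)]+?)\s*\)\s*;""",
    re.IGNORECASE,
)


def strip_php_comments(src):
    """Drop /* */ blocks and whole-line // or # comments, so a
    commented-out define() is not reported as an active setting."""
    src = re.sub(r"/\*.*?\*/", "", src, flags=re.DOTALL)
    return re.sub(r"(?m)^\s*(//|#).*$", "", src)


def audit_core_updates(wp_config_text):
    """Return (constant, finding) pairs for settings that limit or
    disable automatic core updates."""
    findings = []
    for m in DEFINE_RE.finditer(strip_php_comments(wp_config_text)):
        name = m.group("name")
        value = m.group("value").strip().strip("'\"").lower()
        if name == "AUTOMATIC_UPDATER_DISABLED" and value in ("true", "1"):
            findings.append((name, "all automatic updates disabled"))
        elif name == "WP_AUTO_UPDATE_CORE":
            if value in ("false", "0"):
                findings.append((name, "automatic core updates disabled"))
            elif value == "minor":
                findings.append((name, "only minor core releases auto-applied"))
    return findings


# Constructed sample wp-config.php contents (not taken from a real site).
SAMPLE_WP_CONFIG = """<?php
define( 'DB_NAME', 'example_db' );
// define( 'WP_AUTO_UPDATE_CORE', true );
define( 'WP_AUTO_UPDATE_CORE', false );
define("AUTOMATIC_UPDATER_DISABLED", TRUE);
"""

if __name__ == "__main__":
    for constant, finding in audit_core_updates(SAMPLE_WP_CONFIG):
        print(f"{constant}: {finding}")
```

The check only reads constants in `wp-config.php`; updates disabled through filters in plugin or theme code are not covered.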
This article originally appeared at scmagazineuk.com