PDF warning: https://sucuri.net/wp-content/uploads/2022/04/22-sucuri-2021-hacked-report.pdf
Now, before you read this and think those numbers are large - there are over 455 *million* WordPress sites out there (out of 1.3 *billion* web sites). The numbers include other CMS applications - like Drupal and Joomla.
For reasons, one of my hosting clients recently had their WP end up compromised - using their monthly allotment of bandwidth pretty quickly from the little forensic examination I did. Worse, it wasn't even one that they were really using. (I'll avoid details.)
WordPress can be a wonderful thing - once you figure out how to use it *and* figure out how to secure it. One of the key security processes is to ensure everything is updated - use automatic updates *and* verify that it's doing so by checking in now and again, and that will eliminate a bunch of problems. And, really, only use plugins/themes you need and check ratings/comments before installing them. More plugins and themes means more chances for vulnerabilities.
Anyhow, in the report there are some large numbers - but those numbers aren't really that large and getting hacked can usually be prevented with due diligence. Anything will get hacked if someone puts enough effort into it. Most hacks are fairly automated these days. My Linux-Tips site gets thousands of attacks every month, and it's not even all that popular.
This is a weekly report from just one layer of security (I have multiple layers, each catching different things.)
So, that's not complete. It is however the bulk of them.
Anyhow, I'd read the report even if you don't use WordPress. There's some pretty interesting information in it.
Again:
Website administrators using automatic plugin updates were among those with the lowest risk.
I decided to post this to off-topic, as it doesn't quite fit in any other topic. While it is security related, it's not necessarily Linux related - inasmuch as keeping PHP up to date is something you should do regardless of which OS you're using for your server.