Which CMS is the most dangerous for your eCommerce site?

What do WordPress, Magento and Joomla all have in common? First, they are the most popular Content Management Systems (CMS) in use today. They also share another less encouraging similarity: they are among the most common hacking targets on the Internet. But which one of these CMS is the most dangerous for your eCommerce site?

WordPress breaks the records of security holes

#WordPress breaks the records of #security holes Click To Tweet

According to a Sucuri survey (Website hacked trend report, 2016 Q1), over 78% of all the websites in the first quarter of 2016 were built on the WordPress platform, followed by Joomla (14%) and Magento (5%). WordPress is the leading open-source CMS platform on the market adopted by businesses of all sizes and everyday website owners. In all instances, regardless of platform, the leading cause of infection is the exploitation of vulnerabilities in the CMS or in its components (themes and plugins).

dangerous-CMS-2016

From Website hacked trend report, 2016 Q1, Sucuri

It is not surprising when we know that cyber criminals have long discovered these security holes, with over 170,000 WordPress sites being hacked last year.

While the leading cause of infections stemmed from vulnerabilities found in the core of CMS and its components (plugins, themes), it’s important to understand why CMS are the most favorite target of hackers.

Why CMS platforms are common hacking targets?

Why #CMS platforms are common hacking targets? Click To Tweet

When you consider last news on the internet, it becomes obvious why hackers consider CMS to be appealing targets. As WordPress, Joomla, and Magento are such recognizable names, they provide some form of protection.

However, the opposite is true, CMS are vulnerable by nature because they are built on an open source framework. With a free and open source based platform, there is no one to take the responsabilities of security vulnerabilities on released versions. Since CMS are so popular, these security issues are highly sought by hackers.

Once a vulnerability is identified it can turn into a virtual gold mine for hackers, that can automate attacks on a large scale of eCommerce websites to optimize the ROI. If we add this concern with administrators that are using weak passwords, vulnerable to brute force attacks, the result can be dramatic.

We have often seen in past years, that hackers are using CMS vulnerabilities and weak passwords to inject malware in your site for DDoS, or establishing a silent backdoor to steal your customer data regularly and silently. Without forgetting if a malware is dectected on your eCommerce site, you can be blacklisted by Google and other major search engines.

What you can do to protect your CMS from vulnerabilities

What you can do to protect your #CMS from #vulnerabilities Click To Tweet

There are a number of things users can do to protect their eCommerce shop against hackers and fraudsters:

  • Update regularly their CMS, theme and installed plugins to ensure that all component are up to date. As soon as a dashboard message is displayed to announce the availability of an update, you should update or patch their CMS, and all installed plugins and themes immediately.
  • Regularly backup your CMS and its database every week.
  • Delete default admin usernames and use strong passwords (at least eight characters long, with a combination of upper and lower case, as well as both letters and numerical characters).
  • Assess regularly your website vulnerabilities and patch them.
  • Use a cybersecurity  solution to protect your website against advanced web attacks such as DDoS and XSS attacks that can be deadly to your online business.

OZON is a cybersecurity solution dedicated to eCommerce sites, that can be helpful for those who are looking to assess their CMS to find vulnerabilities and patch them easily. It also offers a robust protection against advanced web attacks (DDoS, XSS) and fraudsters.

There are two good news:

  1. OZON is free to try for 30 days, enough time to assess your eCommerce site.
  2. OZON offers a free connector to all its customers based on a PrestaShop or Magento platform.

Régis Rocroy
Engaged in IT security at the beginning of the Internet revolution, I'm acting as security consultant and security architect for accounts in banking and eCommerce.