Sucuri specialists submitted a report on hacking trends in 2018. Analysts concluded that WordPress was the most hacked CMS of the year, accounting for 90% of such attacks. Magento (4.6%), Joomla (4.3%) and Drupal (3.7%) follow by a huge margin.Experts write that most hacks are still associated with vulnerabilities not in the CMS themselves , but with misconfiguration, as well as vulnerabilities in plugins and themes that administrators often forget to update. Thus, only 56% of the sites studied by analysts worked with current software versions.
Oddly enough, being the “most hacked” WordPress is not the most poorly updated CMS. On the contrary, Sucuri writes that only 36% of hacked sites were working with outdated versions of WordPress, while hacking PrestaShop, OpenCart, Joomla or Magento almost guarantees that the problem lay in outdated software.