Research shows that WordPress and health applications are the most popular targets for online attacks. If you’re currently using WordPress for your website or offering a healthcare app, here are some key facts and figures you should know.
Content Management Systems Are Most Vulnerable
A new report by Imperva revealed that content management systems (CMSes) like WordPress, Drupal and Joomla were attacked three times more often than other web applications. They’re often targeted by remote command execution (RCE) attacks. Out of the most popular CMSes, WordPress is a particularly favorite mark of hackers.
Hackers use plug-ins to break into CMSes. With more than 30,000 plug-ins, each with their own weaknesses, WordPress is especially vulnerable to this kind of attack. WordPress is also five times more likely than other CMSs to be hit by remote file inclusion (RFI) attacks.
Open-Source Frameworks Come With Increased Exposure
Developers in open-source frameworks are constantly generating new plugins and add-ons, without much dedicated focus on security. Although this kind of environment is exciting to work in, the fast pace of development increases the vulnerabilities of CMS applications – particularly WordPress, which is based on PHP. Hackers can sometimes exploit security weaknesses in PHP to attack sites built using the WordPress platform.
Healthcare Apps Also a Concern
Many healthcare apps are targeted by cross-site scripting (XSS) attacks, in which hackers try to insert their own scripts into an app or webpage. Fifty-seven percent of attacks against health apps are XSS attacks, with many hackers trying to hijack sessions to steal personally identifiable information. When conducting vulnerability assessments for your healthcare app, remember to consider the possibility of an XSS attack successfully accessing your users’ data.
Get Help When You Need It
Although healthcare apps and CMSes present security risks, there are steps you can take to protect yourself. If you use WordPress for your website, for example, ensure your plug-ins come from a verified developer and be careful about the information you put into your WordPress database. If you need more help to stay safe, contact Garland Heart to find out how our cyber security consulting services can protect you.