Based on 2021 data, more hacking of websites took place through plug-ins and extensions than through outdated core CMS. When someone is going to attack a website, they try to cast a wide net so that they can get to as many websites as they can at one time. So if you're using a particular popular plugin that has a vulnerability, you are placing yourself in a position of being an easy target.
- Data compromise has occurred more frequently with extensions and plug-ins than it did with CMS.
- People believe that if the core CMS is up to date, it will keep hacks at bay, but you also do have to keep plug-ins updated.
- When hackers look to attack websites, they try to cast a large net to hit as many sites as they can at one time.
“Agencies or web professionals who manage older websites in shared environments are especially vulnerable to attacks that target outdated software.”