The widespread use of off-the-shelf CMS systems has attracted attackers' attention because if they have an unknown vulnerability for one of them in their pocket, it can be used to compromise many websites.
"Hackers are always looking to get the most profit for the least work," Barry Shteiman, a senior security strategist at Imperva, said an interview. "With these CMS systems, they can do their work once and then hack many, many sites."
Many of CMS systems, like WordPress, are easy to use. That's a good thing for users, but it's not so good for site security. "The biggest issue with WordPress is that its users are not always the most technically savvy," Michael Sutton, vice president of security research at Zscaler, said in an email.
"WordPress is designed to be fairly easy and straight-forward to install," he continued, "so security is an afterthought for many of its users."
In addition, many bloggers and other CMS users aren't concerned about someone breaking into their Web locale because they believe they don't have anything worth stealing. That may be true, but it doesn't mean they don't have something valuable to hackers.
"What they don't realize is that hacking into a website has become all about distributing malware," Marc Gaffan, founder of Incapsula, said in an interview. "If you have a lot of people coming to your website, it's a great place to infect your visitors."
Sign up for CIO Asia eNewsletters.