WordPress sites have been attacked 3 1/2 times more often recently. WP websites became attacked 7 times more often via (SEO)-spam and RFI attacks (remote file inclusion)
then their non-CMS-application counterparts.WordPress has a problem according to the Imperva report, that shows all sorts of plug-ins and extensions are being developed for it for where security does not play any role whatsoever and is a last-resort-issue.
So new vulnerabilities and exploits are being detected over and over again. Moreover WordPress is based on PHP, which often comes not securely implemented by developers. Read the report here:
http://www.imperva.com/docs/HII_Web_Application_Attack_Report_Ed6.pdfMore often then not these sites are being flagged and alerted for insecure websites
but only after the fact, as such websites already have become compromised, attacked, defaced, malware ridden, spam-brewing and spewing, PHISHING and part of all sorts of mal-abuse under the sun. Part of such insecure websites are being taken down, in case of continuing abuse sites' accounts are suspended and/or ad-parked or terminated.
But I and some other here in the forums would like these sites set out as dangerous and open to all forms of abuse from one moment unto the other. Just like a truck should be taken off the road by a highway patrol when it has unsafe technology (slick tyres etc.) these websites
with such obvious insecurity because of incompetence and negligenge, should not be allowed any longer to be part of the Interwebs. Users of the Internet would be rather thankful.
polonus (volunteer website security analyst and website error hunter)