Imperva’s Web Application Attack Report shows spam is WordPress’ largest security threat. Imperva, an international cyber security company founded in 2002, published its 2015 web application attack report. The report includes a thorough analysis of attack data obtained through its Web Application Firewall (or WAF).

In the report, Imperva’s application defense center group analyzed 297,954 attacks and 22,850,023 alerts on 198 of the applications it protects behind its WAF. The data is from January 1st, 2015 – June 30th, 2015 and provides a solid overview of the number and types of attacks web applications are experiencing.

The report covers a lot of ground but for the purpose of this site, I’m focusing on WordPress.

Analysis Methodology

Automated tools recorded the web applications’ traffic and malicious events were documented in log files. Imperva’s application defense center group analyzed the data using special-purpose software and its knowledge base.

You can find more information that explains how the data was analyzed on page seven of the report.

Read more at WP Tavern.

WordPress Security

Imperva's Web Application Attack Report outlines various web attacks like SQL injection, Remote File Inclusion, Directory Traversal, Cross-Site Scripting, comment spam, Remote Command Execution and File Upload.

Since scriptkiddies will try to use all techniques (their scripts make) available, your WordPress site has to be secured against these types of attacks. WordPress security is a major subject on Saotn.org, browse the Windows Server – if you host WordPress on Windows Server IIS – security and WordPress archives, or simply search for WordPress, to stay ahead of these types of attacks against WordPress sites. Knowledge is key in keeping your website secure!

This may interest you:   SMTP over Hidden Services with postfix