{"id":92926,"date":"2026-04-01T00:02:11","date_gmt":"2026-04-01T05:02:11","guid":{"rendered":"https:\/\/www.bricktowntom.com\/blog\/?p=92926"},"modified":"2026-04-01T00:02:11","modified_gmt":"2026-04-01T05:02:11","slug":"2021-sucuri-hacked-website-threat-report","status":"publish","type":"post","link":"https:\/\/www.bricktowntom.com\/blog\/04\/2021-sucuri-hacked-website-threat-report.html","title":{"rendered":"2021 Sucuri Hacked Website Threat Report"},"content":{"rendered":"<p><em>Editor&#8217;s note: This post originally appeared April 28, 2022 on the <a href=\"https:\/\/blog.sucuri.net\" link=\"external\" rel=\"nofollow external noopener\">Sucuri blog<\/a>.<\/em><\/p>\n<p>Our 2021 Website Threat Research Report details our findings and analysis of emerging and ongoing trends and threats in the website security landscape. We\u2019ve put together this analysis to help keep website owners informed and aware of the dangers posed by malicious actors.<\/p>\n<p>This year\u2019s report is a collection of observations made by Sucuri\u2019s Research and Remediation teams from data collected on web-based malware, vulnerable software, and attacks during 2021.<\/p>\n<p><a class=\"small\" href=\"https:\/\/sucuri.net\/reports\/2021-hacked-website-report\/\" data-wpel-link=\"external\" rel=\"nofollow external noopener\">Download Full Report<\/a><\/p>\n<blockquote>\n<p>The data used in this report is a representative sample of the total number of websites that our Remediation team performed services for throughout the year 2021, as well as more than <b>132 million<\/b> SiteCheck scans. This data reflects the environments of our clients and not the web as a whole.<\/p>\n<\/blockquote>\n<p>This was a great project to work on and we uncovered a lot of interesting data, particularly with observing trends in credit card skimming malware and WordPress. Some trends from previous years continued while some fresh ones emerged.<\/p>\n<p>Our\u00a0<a href=\"https:\/\/sucuri.net\/reports\/2021-hacked-website-report\/\" rel=\"noopener nofollow external\" data-wpel-link=\"external\">hacked website report<\/a> contains a lot of new data, including sections on emerging malware to help us analyze and understand trends in the threat landscape. We also provide an analysis of the most severe and common software vulnerabilities present within the WordPress ecosystem during 2021.<\/p>\n<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_82_2 counter-hierarchy ez-toc-counter ez-toc-grey ez-toc-container-direction\">\n<div class=\"ez-toc-title-container\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Table of Contents<\/p>\n<span class=\"ez-toc-title-toggle\"><a href=\"#\" class=\"ez-toc-pull-right ez-toc-btn ez-toc-btn-xs ez-toc-btn-default ez-toc-toggle\" aria-label=\"Toggle Table of Content\"><span class=\"ez-toc-js-icon-con\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #999;color:#999\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #999;color:#999\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/span><\/a><\/span><\/div>\n<nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/www.bricktowntom.com\/blog\/04\/2021-sucuri-hacked-website-threat-report.html\/#Key_takeaways\" >Key takeaways<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/www.bricktowntom.com\/blog\/04\/2021-sucuri-hacked-website-threat-report.html\/#Software_distribution\" >Software distribution<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/www.bricktowntom.com\/blog\/04\/2021-sucuri-hacked-website-threat-report.html\/#Vulnerable_software_and_components\" >Vulnerable software and components<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/www.bricktowntom.com\/blog\/04\/2021-sucuri-hacked-website-threat-report.html\/#Out-of-date_CMS\" >Out-of-date CMS<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/www.bricktowntom.com\/blog\/04\/2021-sucuri-hacked-website-threat-report.html\/#Out-of-date_CMS_distribution\" >Out-of-date CMS distribution<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"https:\/\/www.bricktowntom.com\/blog\/04\/2021-sucuri-hacked-website-threat-report.html\/#Top_malware_infections\" >Top malware infections<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-7\" href=\"https:\/\/www.bricktowntom.com\/blog\/04\/2021-sucuri-hacked-website-threat-report.html\/#Malware\" >Malware<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-8\" href=\"https:\/\/www.bricktowntom.com\/blog\/04\/2021-sucuri-hacked-website-threat-report.html\/#Backdoors\" >Backdoors<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-9\" href=\"https:\/\/www.bricktowntom.com\/blog\/04\/2021-sucuri-hacked-website-threat-report.html\/#Credit_card_skimmers\" >Credit card skimmers<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-10\" href=\"https:\/\/www.bricktowntom.com\/blog\/04\/2021-sucuri-hacked-website-threat-report.html\/#SEO_spam\" >SEO spam<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-11\" href=\"https:\/\/www.bricktowntom.com\/blog\/04\/2021-sucuri-hacked-website-threat-report.html\/#Phishing\" >Phishing<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-12\" href=\"https:\/\/www.bricktowntom.com\/blog\/04\/2021-sucuri-hacked-website-threat-report.html\/#SiteCheck_and_blocklist_analysis\" >SiteCheck and blocklist analysis<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-13\" href=\"https:\/\/www.bricktowntom.com\/blog\/04\/2021-sucuri-hacked-website-threat-report.html\/#Blocklisted_domains\" >Blocklisted domains<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-14\" href=\"https:\/\/www.bricktowntom.com\/blog\/04\/2021-sucuri-hacked-website-threat-report.html\/#Spam\" >Spam<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-15\" href=\"https:\/\/www.bricktowntom.com\/blog\/04\/2021-sucuri-hacked-website-threat-report.html\/#Conclusion\" >Conclusion<\/a><\/li><\/ul><\/nav><\/div>\n<h2><span class=\"ez-toc-section\" id=\"Key_takeaways\"><\/span>Key takeaways<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<ul>\n<li><b>Vulnerable plugins and extensions account for far more website compromises than out-of-date, core CMS files.<br \/>\n<\/b>Websites containing a recently vulnerable plugin or other extension are most likely to be caught up in malware campaigns.<\/li>\n<li><b>Default configurations of popular website software applications remain a serious liability.<br \/>\n<\/b>By default, WordPress administrator panels contain no multi-factor authentication, nor a limit on failed login attempts.<\/li>\n<li><b>Responsible disclosure and proactive security monitoring is key to maintaining a safe web.<br \/>\n<\/b>Some major catastrophes were avoided in 2021. Major plugins with millions of installations had vulnerabilities patched with very few incidents, due to proactive security monitoring, patching, and exceptional communication with the public.<\/li>\n<li><b>Credit card skimming is on the rise, especially for WordPress.<br \/>\n<\/b>Hacker groups are actively developing and customizing their malware. Each variation is distributed to a small number of sites, but the overall number of affected sites is significant.<\/li>\n<li><b>SEO spam continues to be a menace.<br \/>\n<\/b><b>52.6% <\/b>of remediated websites contained some form of SEO spam in 2021. Spam also accounted for <b>34.45%<\/b> of infected SiteCheck detections.<\/li>\n<li><b>Backdoors and malicious admin users remain the backbone of many compromises.<br \/>\n<\/b>Backdoors are extremely common, with <b>60.04%<\/b> of infected environments containing at least one website backdoor.<\/li>\n<li><b>Website reinfections remain common.<br \/>\n<\/b>A website compromise can be a miserable experience. Website owners are often averse to taking all the necessary post-infection steps, but if measures aren\u2019t taken the attackers are likely to return.<\/li>\n<li><b>Malware tends to focus on either quality or quantity.<br \/>\n<\/b>The goal of spam and redirect malware is to compromise as many websites as possible, in the shortest time period possible, to affect as many users as possible. They do not care about staying hidden. Malware that compromises credit card details is the opposite: They try to have a small, very well hidden payload to stay present as long as possible in order to steal as many card numbers as they can.<\/li>\n<li><b>Cryptomining attacks are no longer very common.<br \/>\n<\/b>Cryptomining has largely moved away from website and server environments, focusing instead on dedicated hardware \u201cfarms\u201d.<\/li>\n<\/ul>\n<h2><span class=\"ez-toc-section\" id=\"Software_distribution\"><\/span>Software distribution<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Based on our data, the following graph illustrates the usage of different CMS platforms among our client base.<\/p>\n<p><img data-recalc-dims=\"1\" decoding=\"async\" loading=\"lazy\" class=\"size-full wp-image-28679 alignnone\" src=\"https:\/\/i0.wp.com\/blog.sucuri.net\/wp-content\/uploads\/2022\/04\/cmsinfections.png?resize=512%2C491&#038;ssl=1\" alt=\"\" width=\"512\" height=\"491\" \/><\/p>\n<p>These data sets indicate that WordPress continues to be the most popular CMS among our user base, accounting for<b> 95.62%<\/b> of clients in 2021. As seen in past years, Joomla (<b>2.03%<\/b>) followed in second place with Drupal (<b>0.82%<\/b>) taking third.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Vulnerable_software_and_components\"><\/span>Vulnerable software and components<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<h3><span class=\"ez-toc-section\" id=\"Out-of-date_CMS\"><\/span><b>Out-of-date CMS<\/b><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>The percentage of websites that had an out-of-date CMS at the time of infection was roughly equal.<\/p>\n<p><img data-recalc-dims=\"1\" decoding=\"async\" loading=\"lazy\" class=\"size-full wp-image-28680 alignnone\" src=\"https:\/\/i0.wp.com\/blog.sucuri.net\/wp-content\/uploads\/2022\/04\/cmsoutofdate.png?resize=477%2C512&#038;ssl=1\" alt=\"\" width=\"477\" height=\"512\" \/><\/p>\n<p>Our data suggests that out-of-date CMS only roughly correlates to infection, and points to the usage of vulnerable plugins and themes as well as unsecured admin panels to be of greater importance in terms of security risk.<\/p>\n<p>The presence of out-of-date CMS may not necessarily be the attack vector itself but rather a symptom of a lack of maintenance of the environment.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Out-of-date_CMS_distribution\"><\/span><b>Out-of-date CMS distribution<\/b><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Out of all of the websites submitted for malware cleanup, WordPress and ModX were by far the most well maintained at the point of infection.<\/p>\n<p><img data-recalc-dims=\"1\" decoding=\"async\" loading=\"lazy\" class=\"size-full wp-image-28681 alignnone\" src=\"https:\/\/i0.wp.com\/blog.sucuri.net\/wp-content\/uploads\/2022\/04\/outofdatecms2.png?resize=512%2C287&#038;ssl=1\" alt=\"\" width=\"512\" height=\"287\" \/><\/p>\n<h2><span class=\"ez-toc-section\" id=\"Top_malware_infections\"><\/span>Top malware infections<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>To identify the most common malware types seen on compromised websites in 2021, our team aggregated and analyzed the data from malware signatures detected and cleaned during <a href=\"https:\/\/sucuri.net\/website-malware-removal\/\" data-wpel-link=\"external\" rel=\"nofollow external noopener\">Incident Response<\/a>.<\/p>\n<p><img data-recalc-dims=\"1\" decoding=\"async\" loading=\"lazy\" class=\"size-full wp-image-28682 alignnone\" src=\"https:\/\/i0.wp.com\/blog.sucuri.net\/wp-content\/uploads\/2022\/04\/familydist.png?resize=512%2C403&#038;ssl=1\" alt=\"\" width=\"512\" height=\"403\" \/><b><\/b><\/p>\n<blockquote>\n<p>Why is there a percentage overlap?<\/p>\n<p>Our teams regularly find multiple types of malware on a compromised website. For example, attackers might infect a website with spam and plant a website backdoor on a website to maintain access to the environment.<\/p>\n<\/blockquote>\n<h3><span class=\"ez-toc-section\" id=\"Malware\"><\/span>Malware<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>In 2021, <b>61.65% <\/b>of remediated websites were flagged with the malware category. Malware is a very broad category which often includes code designed to redirect website visitors to scam and other malicious websites or steal login credentials. It typically engages in some type of malicious action against site visitors, in contrast to backdoors and hack tools that facilitate hacker activities or spam that aims to increase SEO rankings to third party sites.<\/p>\n<p>The top ten most common malware types we cleaned were as follows:<\/p>\n<p><img data-recalc-dims=\"1\" decoding=\"async\" loading=\"lazy\" class=\"size-full wp-image-28684 alignnone\" src=\"https:\/\/i0.wp.com\/blog.sucuri.net\/wp-content\/uploads\/2022\/04\/cleanupsignatures2021.png?resize=512%2C340&#038;ssl=1\" alt=\"\" width=\"512\" height=\"340\" \/><\/p>\n<h3><span class=\"ez-toc-section\" id=\"Backdoors\"><\/span>Backdoors<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Backdoors were one of the most common threats found on compromised websites in 2021, with <b>60.04%<\/b> of all infected sites containing at least one backdoor.<\/p>\n<p>An important tool for attackers, our analysts typically find backdoors alongside many other types of malware. This malware bypasses regular access channels, granting attackers full access to the website backend. Once installed, a backdoor can be used to maintain access to the compromised environment long after the infection has occurred, making it easy for the attacker to reinfect the site after the payload is removed.<\/p>\n<p>We analyzed the different types of backdoors we detected and cleaned in 2021 and found the following distribution.<\/p>\n<p><img data-recalc-dims=\"1\" decoding=\"async\" loading=\"lazy\" class=\"size-full wp-image-28685 alignnone\" src=\"https:\/\/i0.wp.com\/blog.sucuri.net\/wp-content\/uploads\/2022\/04\/backdoortypes2021.png?resize=512%2C314&#038;ssl=1\" alt=\"\" width=\"512\" height=\"314\" \/><\/p>\n<ul>\n<li><b>Uploader<br \/>\n<\/b>A type of backdoor which allows the attackers to upload files to the victim environment.<\/li>\n<li><b>Webshell<br \/>\n<\/b>These backdoors allow the attackers full access to the website file system.<\/li>\n<li><strong>RCE<br \/>\n<\/strong>The backdoor will attempt to execute the command issued by the attackers.<\/li>\n<\/ul>\n<h3><span class=\"ez-toc-section\" id=\"Credit_card_skimmers\"><\/span>Credit card skimmers<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Credit card skimmers have increased significantly from previous years and the behavior has become more targeted. A growing number of credit card theft has been occurring on independent websites where the store has set up their own ecommerce website.<\/p>\n<p>Over 25% of all new PHP malware signatures generated in 2021 were for credit card skimmers.<\/p>\n<p>In 2021, <a href=\"https:\/\/sitecheck.sucuri.net\/\" rel=\"noopener nofollow external\" data-wpel-link=\"external\">SiteCheck detections<\/a> found that <strong>34.5%<\/strong> of websites infected with a credit card skimmer were running WordPress.<\/p>\n<p><img data-recalc-dims=\"1\" decoding=\"async\" loading=\"lazy\" class=\"size-full wp-image-28700 alignnone\" src=\"https:\/\/i0.wp.com\/blog.sucuri.net\/wp-content\/uploads\/2022\/04\/skimmerbycms2021.png?resize=512%2C365&#038;ssl=1\" alt=\"\" width=\"512\" height=\"365\" \/><\/p>\n<h3><span class=\"ez-toc-section\" id=\"SEO_spam\"><\/span>SEO spam<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>SEO spam still remains one of the most common website compromises, with <b>52.6% <\/b>of remediated websites containing SEO spam. Infections typically occur via PHP, database injections, or .htaccess redirects.<\/p>\n<p>SEO attacks often infect websites with redirects and spam, referring site visitors to spam landing pages. These attacks can significantly impact rankings and organic traffic from popular search engines like Google, Bing, and Yahoo who block websites with malicious content.<\/p>\n<p><img data-recalc-dims=\"1\" decoding=\"async\" loading=\"lazy\" class=\"size-full wp-image-28687 alignnone\" src=\"https:\/\/i0.wp.com\/blog.sucuri.net\/wp-content\/uploads\/2022\/04\/seospam2021.png?resize=512%2C427&#038;ssl=1\" alt=\"\" width=\"512\" height=\"427\" \/><\/p>\n<p>Our analysis revealed that <b>33.3%<\/b> of SEO spam infections were spam doorways, which produce subsections of dynamic spam content on a compromised website. Another <b>32.2%<\/b> of SEO spam infections were related to spam injectors, responsible for peppering a compromised environment with hidden spam links for SEO purposes.<\/p>\n<p>Unsurprisingly, our analysis revealed that the most common SEO spam themes and keywords on compromised websites included pharmaceuticals like Viagra and Cialis.<\/p>\n<p><b>Top spam themes<\/b><\/p>\n<ul>\n<li>Pharmaceuticals<\/li>\n<li>Essay writing services<\/li>\n<li>Knockoff jerseys and other brand name products<\/li>\n<li>Escort services<\/li>\n<li>Adult websites<\/li>\n<li>Online casinos<\/li>\n<li>Replica watches<\/li>\n<li>Pirated software<\/li>\n<\/ul>\n<p>Left untreated, SEO spam can seriously damage a website\u2019s reputation and take a significant time to recover. Website owners may experience a loss in revenue, hijacked search results, browser warnings, or even blocklisting.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Phishing\"><\/span>Phishing<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Phishing has become more prevalent in recent years, with<b> 7.39%<\/b> of websites containing some form of phishing in 2021. By and large what we see are legitimate websites hacked to host phishing content. This distances the attacker from their payload and allows them to avoid culpability and lower their costs.<\/p>\n<p><img data-recalc-dims=\"1\" decoding=\"async\" loading=\"lazy\" class=\"size-full wp-image-28689 alignnone\" src=\"https:\/\/i0.wp.com\/blog.sucuri.net\/wp-content\/uploads\/2022\/04\/phishingsigs2021.png?resize=512%2C362&#038;ssl=1\" alt=\"\" width=\"512\" height=\"362\" \/><br \/>\nPhishing tends to target login credentials for cloud services such as Microsoft Office and Adobe, as well as financial institutions and popular services such as Netflix. Stolen passwords are also used in <a href=\"https:\/\/blog.sucuri.net\" link=\"external\" rel=\"nofollow external noopener\">credential stuffing attacks<\/a>.<\/p>\n<p>The majority of phishing were payloads (phishing landing pages) targeting a wide variety of companies and services. A large portion of attackers used ready-made, pre-built phishing kits and installed them onto their targets.<\/p>\n<p>These kits contain some key component parts:<\/p>\n<ul>\n<li>A payload landing page<\/li>\n<li>A mailer script to either send the compromised data to the attackers or to send out phishing emails to victims<\/li>\n<li>Code designed to prevent search engines from indexing the payload<\/li>\n<\/ul>\n<h2><span class=\"ez-toc-section\" id=\"SiteCheck_and_blocklist_analysis\"><\/span>SiteCheck and blocklist analysis<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Our <a href=\"https:\/\/sitecheck.sucuri.net\/\" data-wpel-link=\"external\" rel=\"nofollow external noopener\">SiteCheck tool<\/a> is one of our most important website security monitoring tools. It is free to use and scans millions of websites per year.<\/p>\n<p>Since it is an external monitoring tool, it cannot see infections that do not display outwardly on websites (such as PHP backdoors). For a comprehensive solution, Sucuri clients have full access to our <a href=\"https:\/\/sucuri.net\/malware-detection-scanning\/\" data-wpel-link=\"external\" rel=\"nofollow external noopener\">server-side scanning and monitoring<\/a>.<\/p>\n<p>We queried the scans performed on SiteCheck during 2021 to identify the trends seen for our remote security scanner.<\/p>\n<p>From the <b>132,374,781 <\/b>scans performed with SiteCheck in 2021, a whopping <b>10.38% <\/b>of websites were identified as containing out-of-date software and <b>4.34% <\/b>were identified as infected. Of these infected websites, <b>34.45%<\/b> had been identified as containing SEO spam while less than<b> 1%<\/b> were website defacements.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Blocklisted_domains\"><\/span>Blocklisted domains<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Within the top blocklisted resources, we found a number of domains related to the <a href=\"https:\/\/blog.sucuri.net\/\" link=\"external\" rel=\"nofollow external noopener\">massive WordPress campaign<\/a> our team has been tracking for several years.<\/p>\n<p>This campaign largely aims to redirect users to spam, malware and scam sites. Nearly all of the domains listed below were present in siteurl\/home database infections or in injections targeting <b>wp_post<\/b> content in WordPress environments.<\/p>\n<p>To dig a bit deeper, we analyzed the top blocklisted resources for this ongoing campaign.<\/p>\n<p><img data-recalc-dims=\"1\" decoding=\"async\" loading=\"lazy\" class=\"size-full wp-image-28690 alignnone\" src=\"https:\/\/i0.wp.com\/blog.sucuri.net\/wp-content\/uploads\/2022\/04\/topblocklisted2021.png?resize=512%2C363&#038;ssl=1\" alt=\"\" width=\"512\" height=\"363\" \/><\/p>\n<p>One prevalent theme that differed from previous years was the high prevalence of <b>.ga<\/b> (Gabon) and <b>.tw<\/b> (Taiwan) domains used in redirect campaigns. These top-level domains have <a href=\"https:\/\/blog.sucuri.net\" link=\"external\" rel=\"nofollow external noopener\">become very popular among attackers<\/a> due to lack of active regulation and domain ownership restrictions<i>.<\/i><\/p>\n<h3><span class=\"ez-toc-section\" id=\"Spam\"><\/span>Spam<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>SEO spam accounted for <b>34.45%<\/b> of the infected websites scanned with SiteCheck in 2021. Since this number was so significant, we dug a bit deeper to break down the types of spam found on these compromised environments.<\/p>\n<p>Our analysis of the top ten SEO spam signatures for SiteCheck revealed a few prevalent themes.<\/p>\n<p><img data-recalc-dims=\"1\" decoding=\"async\" loading=\"lazy\" class=\"size-full wp-image-28701 alignnone\" src=\"https:\/\/i0.wp.com\/blog.sucuri.net\/wp-content\/uploads\/2022\/04\/seospambreakdown2021b.png?resize=512%2C177&#038;ssl=1\" alt=\"\" width=\"512\" height=\"177\" \/><\/p>\n<p>Unsurprisingly, the most common theme was related to pharmaceuticals with <b>28.03% <\/b>of SEO spam content found to be related to themes like Viagra and Cialis. This indicates that despite the long legal battles fought by pharmaceutical companies against spammers, knock-off drugs continue to be an important source of revenue for attackers.<\/p>\n<p>A predominant number of signatures were also found relating to Japanese SEO spam (<b>22.13%)<\/b>. These ongoing SEO Japanese Spam campaigns pollute victim\u2019s website search results with knock-off designer goods.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Conclusion\"><\/span>Conclusion<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>At its core, maintaining a good security posture comes down to a few core principles: keep your environment updated and patched, use strong passwords, exercise the principle of least privilege, and leverage a <a href=\"https:\/\/sucuri.net\/website-hack-protection\/\" data-wpel-link=\"external\" rel=\"nofollow external noopener\">web application firewall WAF<\/a> to filter malicious traffic.<\/p>\n<p>Check out the full <a href=\"https:\/\/sucuri.net\/reports\/2021-hacked-website-report\/\" rel=\"noopener nofollow external\" data-wpel-link=\"external\">hacked website report<\/a> to get the entire story on our 2021 research and remediation analysis!<\/p>\n<p>The post 2021 Sucuri Hacked Website Threat Report appeared first on <a rel=\"follow noopener\" href=\"https:\/\/www.godaddy.com\/garage\" data-wpel-link=\"internal\" target=\"_self\">GoDaddy Blog<\/a>.<\/p>\n<p>Source: Go Daddy Garage<\/p>\n<p id=\"kc_opp\"><small>Republished by  <a href=\"http:\/\/www.blogtrafficexchange.com\/\">Blog Post Promoter<\/a><\/small><\/p>","protected":false},"excerpt":{"rendered":"<p>Editor&#8217;s note: This post originally appeared April 28, 2022 on the Sucuri blog. Our 2021 Website Threat Research Report details our findings and &hellip;<\/p>\n","protected":false},"author":1,"featured_media":92927,"comment_status":"false","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[23511],"tags":[126],"class_list":["post-92926","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-ebusiness-emarketing","tag-information"],"aioseo_notices":[],"jetpack_featured_media_url":"https:\/\/i0.wp.com\/www.bricktowntom.com\/blog\/wp-content\/uploads\/2022\/05\/threat-300x141-1.jpg?fit=300%2C141&ssl=1","jetpack_shortlink":"https:\/\/wp.me\/p3k0YU-oaO","jetpack-related-posts":[{"id":93187,"url":"https:\/\/www.bricktowntom.com\/blog\/04\/godaddy-team-innerview-website-security-care.html","url_meta":{"origin":92926,"position":0},"title":"GoDaddy Team Innerview: Website Security\u00a0Care","author":"admin","date":"April 13, 2026","format":false,"excerpt":"For pros, website security can be one of the toughest areas of web design and development. It\u2019s why Sucuri has been refining the experience since 2009. Now a member of the GoDaddy family of brands, Sucuri powers Website Security from GoDaddy. For nearly a decade, Krystle Herbrandson has held leadership\u2026","rel":"","context":"In &quot;E-business &amp; E-marketing&quot;","block_context":{"text":"E-business &amp; E-marketing","link":"https:\/\/www.bricktowntom.com\/blog\/category\/ebusiness-emarketing"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":92939,"url":"https:\/\/www.bricktowntom.com\/blog\/04\/wordcamp-europe-2022-its-been-a-minute-but-were-back-in-person.html","url_meta":{"origin":92926,"position":1},"title":"WordCamp Europe 2022: It\u2019s been a minute, but we\u2019re back in person\u00a0","author":"admin","date":"April 4, 2026","format":false,"excerpt":"At GoDaddy Pro, we\u2019re super-pumped to finally (finally!) be back in person at this year\u2019s WordCamp Europe, which runs June 2 to June 4 in Porto, Portugal. We sure missed being around our fellow WordPressers, but we weren\u2019t snoozing during the lockdowns. Catch up with us at WCEU and you\u2019ll\u2026","rel":"","context":"In &quot;E-business &amp; E-marketing&quot;","block_context":{"text":"E-business &amp; E-marketing","link":"https:\/\/www.bricktowntom.com\/blog\/category\/ebusiness-emarketing"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.bricktowntom.com\/blog\/wp-content\/uploads\/2022\/05\/wceu1-300x200-1.jpg?fit=300%2C200&ssl=1&resize=350%2C200","width":350,"height":200},"classes":[]},{"id":92953,"url":"https:\/\/www.bricktowntom.com\/blog\/05\/essential-plugins-to-build-better-wordpress-sites-for-clients.html","url_meta":{"origin":92926,"position":2},"title":"Essential plugins to build better WordPress sites for clients\u00a0","author":"admin","date":"May 1, 2026","format":false,"excerpt":"With over 55,000 known plugins available for WordPress, it can get just a little confusing \u2014 to say the least \u2014 knowing the essential plugins for a WordPress site. There are plugins for functionality, SEO, security, and more. While there is no end-all-be-all plugin or plugin array, certain plugins one\u2026","rel":"","context":"In &quot;E-business &amp; E-marketing&quot;","block_context":{"text":"E-business &amp; E-marketing","link":"https:\/\/www.bricktowntom.com\/blog\/category\/ebusiness-emarketing"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.bricktowntom.com\/blog\/wp-content\/uploads\/2022\/05\/wordpress-ga87cc388a_12801-300x200-1.jpg?fit=300%2C200&ssl=1&resize=350%2C200","width":350,"height":200},"classes":[]},{"id":93159,"url":"https:\/\/www.bricktowntom.com\/blog\/04\/setting-up-google-analytics-automated-reports-for-a-wordpress-website.html","url_meta":{"origin":92926,"position":3},"title":"Setting up Google Analytics automated reports\u00a0for a WordPress website","author":"admin","date":"April 8, 2026","format":false,"excerpt":"Google Analytics can help understand what people do when they enter a WordPress website, how long they stay, and which part of the website converts the best. You only need to install a Google Analytics plugin on a WordPress website, and you will start receiving this information immediately. However, if\u2026","rel":"","context":"In &quot;E-business &amp; E-marketing&quot;","block_context":{"text":"E-business &amp; E-marketing","link":"https:\/\/www.bricktowntom.com\/blog\/category\/ebusiness-emarketing"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.bricktowntom.com\/blog\/wp-content\/uploads\/2022\/06\/analytics-2618277_12801-300x200-1.jpg?fit=300%2C200&ssl=1&resize=350%2C200","width":350,"height":200},"classes":[]},{"id":93051,"url":"https:\/\/www.bricktowntom.com\/blog\/04\/wordcamp-europe-2022.html","url_meta":{"origin":92926,"position":4},"title":"WordCamp Europe 2022","author":"admin","date":"April 25, 2026","format":false,"excerpt":"We\u2019re thrilled to be back at WordCamp Europe this year.\u00a0 After a long hiatus for WordPress events in person, it\u2019s finally time for the WordPress community to be together in person again. This year\u2019s event is occurring in Porto, Portugal for the 10th anniversary of WCEU. Can\u2019t join in person\u2026","rel":"","context":"In &quot;E-business &amp; E-marketing&quot;","block_context":{"text":"E-business &amp; E-marketing","link":"https:\/\/www.bricktowntom.com\/blog\/category\/ebusiness-emarketing"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":92873,"url":"https:\/\/www.bricktowntom.com\/blog\/04\/u-s-podcast-listenership-continues-to-grow-and-audiences-are-resuming-many-pre-pandemic-spending-behaviors.html","url_meta":{"origin":92926,"position":5},"title":"U.S. podcast listenership continues to grow, and audiences are resuming many pre-pandemic spending behaviors","author":"admin","date":"April 27, 2026","format":false,"excerpt":"During a pandemic that drove millions indoors, and in front of screens, a funny thing happened with podcasts: audience engagement increased. And in addition to the wealth of new listeners, engagement among listeners is growing. While the rise in engagement is somewhat contrary to what might be expected amid the\u2026","rel":"","context":"In &quot;A Few Things&quot;","block_context":{"text":"A Few Things","link":"https:\/\/www.bricktowntom.com\/blog\/category\/a-few-things"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.bricktowntom.com\/blog\/wp-json\/wp\/v2\/posts\/92926","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.bricktowntom.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.bricktowntom.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.bricktowntom.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.bricktowntom.com\/blog\/wp-json\/wp\/v2\/comments?post=92926"}],"version-history":[{"count":7,"href":"https:\/\/www.bricktowntom.com\/blog\/wp-json\/wp\/v2\/posts\/92926\/revisions"}],"predecessor-version":[{"id":102442,"href":"https:\/\/www.bricktowntom.com\/blog\/wp-json\/wp\/v2\/posts\/92926\/revisions\/102442"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.bricktowntom.com\/blog\/wp-json\/wp\/v2\/media\/92927"}],"wp:attachment":[{"href":"https:\/\/www.bricktowntom.com\/blog\/wp-json\/wp\/v2\/media?parent=92926"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.bricktowntom.com\/blog\/wp-json\/wp\/v2\/categories?post=92926"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.bricktowntom.com\/blog\/wp-json\/wp\/v2\/tags?post=92926"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}