Security Experts:

Connect with us

Hi, what are you looking for?



SEO Spam Dominated Website Infections in 2019: Report

Last year, SEO spam was the most frequently observed threat on compromised websites, according to a new report from GoDaddy-owned web security company Sucuri.

Last year, SEO spam was the most frequently observed threat on compromised websites, according to a new report from GoDaddy-owned web security company Sucuri.

Nearly two-thirds of infected websites had a form of SEO spam present, with database spam being the most prevalent form of infection. At least one form of backdoor was found on 47% of the compromised websites, providing attackers with persistent access to the infected environment.

During 2019, 60% of websites were vulnerable at the point of infection, marking an increase of 4% compared to the previous year and indicating that patches are not installed in a timely manner. Over 56% of all CMS applications were found to be outdated, Sucuri’s 2019 Website Threat Research Report (PDF) shows.

Attacks involving credit card stealers and e-commerce sites went up last year, and Sucuri says it removed over 1,700 client-side and 600 server-side stealers from infected websites.

The report also reveals that vulnerable third-party components and software defects were the primary infection vector last year. Sucuri discovered that 44% of vulnerable websites had more than one vulnerable piece of software, with 10% of them having at least four vulnerable components.

One of the most common vectors was the improper implementation of the function update_option(), which is used to update any entry in the options database table. Attackers can target the weakness to gain admin access or inject arbitrary data into the site.

A total of 54 plugins were found affected by the update_option() function vulnerability in 2019, five of them with more than 100,000 installations each: Wp File Manager (500,000 installations), Easy WP SMTP (400,000), Fremius Library (200,000), Newspaper and other old tagDiv themes (100,000), and WordPress GDPR Compliance (100,000).

Last year, the Sucuri Firewall mitigated over 170 million attack attempts — a 52% increase from the previous year — with bad bots (15.8% of attacks), comment spam (6.8%), and virtual patching for known vulnerabilities (11.4%) being the most common types of incidents and malicious behavior observed.

There were only 9 new crypto-miner domains blacklisted in 2019, significantly fewer than 2018, when 100 such domains suffered the same fate. The change is likely the effect of lower crypto-currency prices and the shutdown of CoinHive during the first quarter of 2019.

Sites infected with SEO spam and generic malware experienced the largest rate of re-infections. According to the report, 20% of infected Magento websites had been re-infected with credit card skimmers, underlining the importance of adopting strong post-hack protection following cleanup.

WordPress was the most popular content management system (CMS) out there, with an estimated 62% market share and accounting for 94.23% of Sucuri’s clients in 2019.

According to the website security company, 49% of WordPress installations were outdated at the point of infection last year, a much lower percentage when compared to Joomla (90%), Magento (87%), and Drupal (77%).

As of December 2019, over two-thirds of the websites that used PHP ran a version that had already reached end-of-life (EOL) status. Last year, 54.13% of websites using PHP had PHP 5.x, 6.6% had PHP 7.0, and 8.7% had PHP 7.1, which reached EOL status on December 1, 2019.

Related: Website Infections Holding Steady at 1%, But Attacks Becoming Stealthier: Report

Related: Encrypted Threats, IoT Malware Surge Past 2018 Levels: Report

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.


The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.


No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...