Website content management systems are complex, and a CMS may have vulnerabilities. The publishers issue patches as soon as they find out, but not every site is up to date. Servers with old versions of CMSs, including WordPress, Drupal, Magento, Joomla, vBulletin, and others, have known vulnerabilities
that criminals know how to exploit.
Plug-ins are a major source of risk. Keeping them all up to date can be difficult, and not all publishers are quick to catch and fix vulnerabilities.
Making sure that all of your website software is up to date greatly improves website production and reduces the risk of infection. However, if the site gets infected, updating the software won't necessarily remove the problem, but malware cleanup will.
Another risk is poor account management. A weak configuration could let someone from outside gain access to the files or the database. Common problems include weak or default passwords, open ports, deprecated protocols, lack of encryption, and poor database security. Exploitation of configuration weaknesses can lead to a breach that gives the attacker complete control.