We came across this CMS security report on Twitter and found it interesting. Especially on the heels of the #Drupalgeddon2 security patches which required very short deployment turnaround to ensure your site was protected from hack bots, it's a good reminder to stay on top of security patches (or subscribe to a security plan such as we offer partners) to make sure your site is secure.
Based on our data, the three most commonly infected CMS platforms were WordPress, Joomla! and Magento. This data does not imply these platforms are more or less secure than others.
In most instances, the compromises which were analyzed had little, if anything, to do with the core of the CMS application itself but more with its improper deployment, configuration and overall maintenance by the webmasters.